Skip to main content

Learn How GDPR Can Empower Hospitality Firms and Their Customers


Advertising spend in the U.S. travel industry is projected to reach $7.72 billion by 2019. Travel is one of the biggest spenders in programmatic advertising and social media retargeting. This is why the coming of GDPR, which will redefine the parameters of consumer trust and privacy, represents the next great disruption to the hospitality industry.

GDPR is not just a beefing up of existing privacy frameworks; it's a complete paradigm shift, asserting that personal data belongs to the individual. Beginning May 25, 2018, organizations must be crystal clear when it comes to personal data and special category data – proving consent was given and explaining what data is being used for, how it's protected, and how long it'll be kept. This article from Talend and Onepoint Ltd. will discuss what hospitality companies must do to prepare for GDPR as well as how they can turn these new requirements into a valuable asset for the company.

What do hospitality firms have to do to prepare?

Although there is no scientific data on GDPR readiness of travel companies, anecdotal evidence suggests that just eight percent are prepared, despite intervention and guidance by industry bodies.

GDPR compliance is more than a legal challenge – it’s also an operational challenge. Historically, point-of-sale devices and large, often weak, databases make hospitality firms easy prey for cyber criminals. With the new onus on data protection and privacy, companies will need to ensure systems are impervious to attack.

Companies should get hands-on with their data, mapping their customer and employee data across all systems and defining processes and controls to not only mitigate GDPR fines, consumer wrath and brand damage, but also to improve quality and reduce redundancy of personal data.

Larger companies should appoint a Data Protection Officer (DPO) to oversee compliance with the new GDPR rules and ensure these processes and controls are fit for purpose. The DPO is responsible for ensuring the privacy and security of personal data extends to these environments as well. This will typically require a review of existing contractual agreements and must not be neglected if these organizations wish to ensure compliance.

GDPR has cultural implications, too. Marketing chiefs need to enact the data subject access rights, such as accessibility, rectification, data portability or the right to be forgotten. We’re entering an era where auto opt-ins and implied consent will no longer be an acceptable practice. Consent needs to be explicit and verifiable – there will be no more opt-in by default, omission or attrition. Under GDPR rules, customers must know how firms use their data.

Organizations should look at GDPR as an opportunity to use the latest cloud-based data integration and data fabric platforms to create a full, 360-degree view of their customers. Analyzing to validate, clean, enrich, and remove redundancy from customer data pipelines can create a trusted source of customer information that can be accessed and managed in real time, as part of the customer journey.

Organizations should leverage big data-ready platforms that allow them to capture, reconcile, document, protect and publish any personal information in an automated way, whether in the cloud or on-premise, thus creating an always up-to-date map of GDPR-related data across their IT landscape. Furthermore, it will foster accountability and stewardship from the DPO down to operations, and will allow the protection or anonymity of data when needed.

Translating GDPR readiness into value

When it comes to customer desires, the hospitality sector has an advantage over other industries. Travel is like getting a haircut: most people do it at least once a year, and they want to make it personal.

A study by American Express found that 83 percent of millennials said they would happily let hospitality brands track their digital patterns if it resulted in a more relevant, personalized experience. In fact, 85 percent of all respondents – of all age groups – said that customized itineraries and messaging were much more desirable than general, mass-market offerings.

There are customers who want to opt-in. Implementing a data fabric and management system that creates a controlled 360-degree view of the customer to remain GDPR compliant will allow hospitality firms to maintain customer satisfaction and profitability. Firms can stockpile that data for more effective segmentation, curating engaging content that really fits the customer's vision. The quality of the customer journey and experience is directly linked to quantity and quality of the customer data, so it’s time to act. 

This ad will auto-close in 10 seconds