Hotel Owner April 2018 | Page 24

ADVICE
PREPARING FOR GDPR
collect this so they can account for sales,
manage
stock
and
understand
what
2. Be honest and transparent about
to receive the email, and will be more
the data you’re collecting
engaged with its content.
products customers are buying. If there’s This is another vital part of GDPR – tell your For retailers capturing customer data
no personal data involved, this is even more customers, clearly and succinctly, about why at till – to sign them up to a loyalty card,
straightforward. you’re capturing their data. There are two for example – you will need to ensure store
key elements here: staff have the right training to communicate
Once personal data becomes involved,
it becomes more complicated. Obtaining a Firstly, for marketing permissions, the clearly your brand’s data capture policies, and
person’s address so you can send them their consent wording used when they proactively to ensure they follow the right processes to
order makes sense and this is a very specific tick to correctly collect permissions. If they do, the
purpose which is easy for the customer marketing should be unambiguous: “we will data they collect from a customer remains
to understand. But, capturing their date send you SMS marketing containing the usable in the future, otherwise you’ll need to
of birth to deliver their order is a less clear latest news and offers”. delete anything incorrectly captured.
proposition, unless, for example, you’re using
it to supply restricted products.
the
box
indicating
they
opt-in
Secondly, your privacy policy should state
Lastly,
a
point
on
execution.
Most
clearly that you might use any collected data customers won’t have read the ICO’s guide
From a marketing perspective, justifying for analysis or profiling. It should also state on GDPR and aren’t going to understand,
personal data capture can be even more how they can exercise their GDPR rights or care, about every GDPR term. Embrace
challenging. On date of birth, for example, – such as ‘Right to be Forgotten’ – for any this as a chance to avoid jargon in your
there would be no traditional reason to personal data held by your company. policies and say things concisely, simply and
capture this for the purposes of marketing.
Being
honest
and
transparent
at
clearly. And absolutely steer clear of double
negatives and pre-ticked boxes.
But if you plan to reward a customer on every stage will make customers feel more their birthday, the data capture is justified comfortable about handing over their data – as long as you actually follow up on your and inspire further trust in your brand. So intent. If you don’t, the need to hold the data when a customer receives an email from vanishes, and you should delete the data. you, they’re less likely to ask “why am I Post-GDPR, it’s no longer enough to simply
3. Follow best practice to keep using
collected data in the future
Lastly, ensure your privacy policy clearly getting this?” and mark you down as spam have
states that you may use collected data for – or worse, report you to the Information wording up front. You’ll need to remind
analysis or profiling, meaning you could use Commissioner’s Instead, customers at least annually about what they
a correctly captured date of birth to segment with a transparent sign up process, your opted-in to, and that they have the option to
customers by age group to understand your customers will fully understand why they’re change these preferences.
sales better, or improve your targeting. getting the email, were hopefully expecting
24
www.hotelowner.co.uk
Office
(ICO).
honest
and
transparent
consent
For customers no longer interacting with
April 2018