On 25th May 2018 the EU’s new data privacy law, General Data Protection Regulation (GDPR), goes into effect. In this article we cover what it is, what it means to you and what you need to do.
What is GDPR?
GDPR is an EU privacy law that comes into effect on the 25th May 2018. The law is designed to enable individuals to better control their personal data.
What does GDPR mean to you?
If your business is based within the EU or you receive bookings from guests who are EU citizens, GDPR applies to you.
By collecting personal data such as names, email addresses and phone numbers, via an enquiry or contact form on your website, you will need to comply with the new regulations.
What do you need to do to ensure compliance with GDPR?
Things to review:
- What personal data do you have?
- How do you collect it?
- Where is it stored?
- What do you tell people about how it’s processed?
And finally, it’s a good idea to add the cookie consent widget to your website (this can be found in Section 4 – Widgets).
Using guest information for additional marketing purposes
If you are communicating with previous enquirers or guests for marketing purposes, e.g. to keep them updated with any special offers, or to share blog content, you must have explicit consent from them and you must be able to show how you got that consent.
If you are not sure whether you have consent that complies with GDPR you could run a re-confirm campaign using an email list service like MailChimp. You can send an email to your contact list including very explicit language asking them to sign up again if they would like to continue receiving emails. You can find further instructions on how to do this with MailChimp here.
What has PromoteMyPlace done to prepare?
You can read it in full here.
For the official information about the 2018 reform of EU data protection rules, refer to the European Commission website here.
This post provides a high-level overview about GDPR, but is not intended, and should not be taken, as legal advice. Please contact a legal professional if you need specific advice on GDPR.