By Tiffany Braun, Regional Director of Sales and Marketing, Two Roads Hospitality, and Katie Briscoe, Executive Vice President, Client Services, MMGY Global — members of HSMAI’s Marketing Advisory Board
Even as consumers are expecting hotels to offer more relevant and personalized service, the looming requirements of the European Union’s General Data Protection Regulation (GDPR) along with the ongoing controversy over Facebook’s handling of user information remind us that while data collection is more important than ever to our business, what we do with that data is going to be subject to increasing scrutiny.
On a recent call for HSMAI’s Marketing Advisory Board, we facilitated a conversation about how to collect data responsibly when consumer skepticism is at an all-time high. Here are key takeaways:
Figure out who owns this. Determining who is responsible for data privacy means determining who is responsible for data collection — and for a hotel, that can be complicated. Is it the owner? The brand? The management company? The third-party marketing agency? “What we don’t know is, if something were to happen, where does the lion’s share of the fault lie?” one Marketing Advisory Board member said. “We don’t understand that yet.”
Another member referred to the GDPR for guidance, noting: “They identify two kinds of data [handlers]: There’s a data controller, which is the hotel, and there’s a data processor, which is a vendor. And if you read the language, it’s pretty clear that the data controller is ultimately liable for the activities that go on with their data.”
Take your cues from the GDPR. Indeed, while the GDPR isn’t a U.S. law, it applies to EU citizens visiting the United States, and the U.S. Department of Commerce has pledged to help enforce it. Plus, as one Marketing Advisory Board member noted on our call, the grilling that Facebook CEO Mark Zuckerberg received during hearings on Capitol Hill in early April suggests that U.S. legislators may be interested in enacting something like the GDPR. “My recommendation is to start doing the GDPR stuff here in the U.S.,” the member said. “No, it isn’t required by law, but we’re headed that way very, very quickly, and it will clean up everything for all your visitors from Europe.” Another member added: “You want to be on the right side of this, not the wrong side, doing stuff really aggressively.”
Who’s doing it right? A Marketing Advisory Board member pointed to Criteo and HubSpot as organizations that are handling data collection — specifically regarding GDPR compliance — with both transparency and substance. HubSpot, for example, “kind of said, here’s the product roadmap,” the member said, “here’s what we’re doing regarding consent, withdrawal of consent, the corporate standards, and then an FAQ — which was a very helpful format.”
It’s about trust. It’s becoming increasingly clear that while consumers know when they’ve given us their data, they often don’t realize how far that data can travel after they do. It’s on us to be upfront with them about that. “Regardless of all the legal implications of owning the data and how we share it and so forth, it’s making sure we have consumer trust,” a Marketing Advisory Board member said. “What’s going to happen is that we’re going to have to get back to some very basic, traditional marketing efforts, which could be more email or direct mail or print ads or things like that that speak very directly to our consumers and what we know about them. Not that we’re going to go back to an old-fashioned way of doing business, but I think there’s going to be a period of establishing trust for our customers.”