*This should not be construed as legal advice. These are marketing tips. Consult your legal counsel for official direction about GDPR.
In case you’ve missed it, the General Data Protection Act (GDPR), went into effect on May 25, 2018. And if you didn’t take it seriously, here’s your wakeup call: A German court just issued the first ruling for a GDPR violation.
Marketers have had over two years to prepare for the changes this law requires. Many of you have taken action to update your processes to comply with GDPR stipulations. But for those who haven’t, this lawsuit is a serious reminder you should assess and document the personal data you collect and process.
For travel companies, the implications of GDPR are especially important to understand thanks to the personal and sensitive data you gather and process. We’re pointing the finger at you, airlines, cruises, car rental sites, even airport parking lot companies.
You collect personal data — names, travel purposes, email addresses, payment info — and it all could be used against you in a GDPR ruling.
Not to worry, though. Travel marketers can still have their cake and eat it, too. You just have to make sure you check off a few boxes. And we’ve got you covered with this email marketing guide to GDPR for the travel industry.
Before they book with you, people are opting in to receive email alerts on special sales, loyalty perks, or deals. GDPR implementation rules have a LOT to say about this.
Practically speaking, you must make sure your email marketing subscriber acquisition tactics are air tight. No more pre-checked boxes on your forms. No more adding people to your list via promotions.
In fact, you must instead be overly communicative about the types of emails subscribers will be receiving. Explain why you’re capturing their personal data, who is asking for it, and notify them of any other parties who will have access to it.
Most importantly, keep a record of when, how, and who signed up, and what the form looked like at the time of sign up. This will all come in handy if you ever get into a sticky situation with GDPR.
email marketing confirmations
If you’re in the travel industry, you’re sending confirmation emails. It’s the nature of what you do.
Book a flight, cruise, tour, rental, trip… you name it, you send an e-ticket for it. For those customers who are in the EU, this counts as monitoring their behavior and you must comply with GDPR requirements.
Even though the GDPR says you’re allowed to contact someone in the course of business dealings — e.g., sending a confirmation email or receipt — it’s safest to notify people about this confirmation email with a clear description and a checkbox the person can tick off. Keep a record of this opt-in and when it happened, as again, keeping proof of historical data is of utmost importance to GDPR for the travel industry.
Most importantly, remember that just because someone is okay with an e-ticket confirmation email does NOT mean you can opt them in to the rest of your lists. This is clearly against GDPR rules!
If someone purchases a ticket on your airline, you must ask them for complicit consent again if you wish to add them to your promotional email marketing list. Or if someone books a stay at your hotel, you can’t reuse his or her email address to send a marketing offer… you must ask for consent first.
Website retargeting — the process of tracking your website visitors’ behaviors with cookies so you can serve them ads on other websites — is used frequently by travel companies. After all, if someone looks at a trip to Dublin, Ireland and reminders keep popping up about it, that person is more likely to eventually give in to their wanderlust and book the trip.
For advanced travel email marketers, you may be sending behavior-based automated emails based on actions your website visitors do or do not take. Similar to website retargeting, this email retargeting often garners a huge ROI.
However, under the new GDPR rules, ANY retargeting via email, cookies or other website tracking is a violation of personal privacy. In other words, you’re not allowed to gather this retargeting data about your website visitors without their explicit consent.
Email and website retargeting may be the most important areas when it comes to GDPR for the travel industry. Whereas for the most part you can tell if an email address is from the EU, you can’t say the same thing about website visitors. Protect yourself by making these updates as soon as possible!
conclusion: get your travel industry GDPR ducks in a row
You’re a travel company. And whether you like it or not, you collect a LOT of information about people, especially your email subscribers. Complying with the privacy mandates of GDPR may not be an easy task, but it’s a must to make sure the future of your business is bright.
Don’t be like the company who just received the first fine for ignoring this law… make the necessary changes to make sure you’re meeting all the implications of GDPR for the travel industry.
Our team has worked hard to add GDPR-friendly features to our platform and our strategy team has helped many marketers develop a strategy and execution plan for making GDPR changes to their email marketing programs. Need help, too? Just reach out.