Login

The complete email marketing guide to GDPR for the travel industry

Learn tips for GDPR for the travel industry.

*This should not be construed as legal advice. These are marketing tips. Consult your legal counsel for official direction about GDPR.

In case you’ve missed it, the General Data Protection Act (GDPR), went into effect on May 25, 2018. And if you didn’t take it seriously, here’s your wakeup call: A German court just issued the first ruling for a GDPR violation.

Marketers have had over two years to prepare for the changes this law requires. Many of you have taken action to update your processes to comply with GDPR stipulations. But for those who haven’t, this lawsuit is a serious reminder you should assess and document the personal data you collect and process.

For travel companies, the implications of GDPR are especially important to understand thanks to the personal and sensitive data you gather and process. We’re pointing the finger at you, airlines, cruises, car rental sites, even airport parking lot companies.

You collect personal data — names, travel purposes, email addresses, payment info — and it all could be used against you in a GDPR ruling.

Not to worry, though. Travel marketers can still have their cake and eat it, too. You just have to make sure you check off a few boxes. And we’ve got you covered with this email marketing guide to GDPR for the travel industry.

Download the GDPR Checklist!

subscriber acquisition

Before they book with you, people are opting in to receive email alerts on special sales, loyalty perks, or deals. GDPR implementation rules have a LOT to say about this.

Practically speaking, you must make sure your email marketing subscriber acquisition tactics are air tight. No more pre-checked boxes on your forms. No more adding people to your list via promotions.

In fact, you must instead be overly communicative about the types of emails subscribers will be receiving. Explain why you’re capturing their personal data, who is asking for it, and notify them of any other parties who will have access to it.

Add checkboxes to every email opt-in form for all the segmentations that are a part of your list. And we mean ALL of them. Also include a link to your updated privacy policy at the bottom of each form.

Most importantly, keep a record of when, how, and who signed up, and what the form looked like at the time of sign up. This will all come in handy if you ever get into a sticky situation with GDPR.

email marketing confirmations

If you’re in the travel industry, you’re sending confirmation emails. It’s the nature of what you do.

Book a flight, cruise, tour, rental, trip… you name it, you send an e-ticket for it. For those customers who are in the EU, this counts as monitoring their behavior and you must comply with GDPR requirements.

Even though the GDPR says you’re allowed to contact someone in the course of business dealings — e.g., sending a confirmation email or receipt — it’s safest to notify people about this confirmation email with a clear description and a checkbox the person can tick off. Keep a record of this opt-in and when it happened, as again, keeping proof of historical data is of utmost importance to GDPR for the travel industry.

Most importantly, remember that just because someone is okay with an e-ticket confirmation email does NOT mean you can opt them in to the rest of your lists. This is clearly against GDPR rules!

If someone purchases a ticket on your airline, you must ask them for complicit consent again if you wish to add them to your promotional email marketing list. Or if someone books a stay at your hotel, you can’t reuse his or her email address to send a marketing offer… you must ask for consent first.

email retargeting

Website retargeting — the process of tracking your website visitors’ behaviors with cookies so you can serve them ads on other websites — is used frequently by travel companies. After all, if someone looks at a trip to Dublin, Ireland and reminders keep popping up about it, that person is more likely to eventually give in to their wanderlust and book the trip.

For advanced travel email marketers, you may be sending behavior-based automated emails based on actions your website visitors do or do not take. Similar to website retargeting, this email retargeting often garners a huge ROI.

However, under the new GDPR rules, ANY retargeting via email, cookies or other website tracking is a violation of personal privacy. In other words, you’re not allowed to gather this retargeting data about your website visitors without their explicit consent.

That doesn’t mean retargeting is off limits, though. An updated privacy policy will be key in making sure you can still serve behavior-based content like this to your website visitors. With help from your legal counsel, update your privacy policy to include clear and specific language about what website tracking you will be doing when people visit your website. Offer an explicit way for people to say yes or no, and as always, keep a record of their confirmation. If website visitors don’t want to be tracked, you must have an automated process to remove them from tracking.

Email and website retargeting may be the most important areas when it comes to GDPR for the travel industry. Whereas for the most part you can tell if an email address is from the EU, you can’t say the same thing about website visitors. Protect yourself by making these updates as soon as possible!

conclusion: get your travel industry GDPR ducks in a row

You’re a travel company. And whether you like it or not, you collect a LOT of information about people, especially your email subscribers. Complying with the privacy mandates of GDPR may not be an easy task, but it’s a must to make sure the future of your business is bright.

Don’t be like the company who just received the first fine for ignoring this law… make the necessary changes to make sure you’re meeting all the implications of GDPR for the travel industry.

Our team has worked hard to add GDPR-friendly features to our platform and our strategy team has helped many marketers develop a strategy and execution plan for making GDPR changes to their email marketing programs. Need help, too? Just reach out.

Schedule a demo with WhatCounts Email Service Provider (ESP).

More to explore…

MPP

Apple Mail Privacy Protection

What is Apple Mail Privacy Protection? Apple Mail Privacy Protection (MPP) is a feature available to Apple Mail users. MPP protects a user’s privacy by

Read More »
WhatCounts Marketing March 21, 2022

Media Manager upgrade

You may have noticed that your preferred browser provides a security warning for any mixed content. Recent changes in browsers such as Chrome, Firefox and

Read More »
WhatCounts Marketing November 19, 2020

Understanding DMARC

DMARC, or Domain-based Message Authentication, Reporting and Conformance, is an email authentication protocol that works alongside Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). What

Read More »
Chris Truitt September 29, 2020

Ready to See WhatCounts in Action?

Request a demo

© 2021 WhatCounts. All rights reserved. View our Privacy Policy or our Terms & Conditions.

Take your first step towards supercharged engagement!

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy. We won't track your information when you visit our site. But in order to comply with your preferences, we'll have to use just one tiny cookie so that you're not asked to make this choice again.

Accept & close
Decline