Are you ready for GDPR? Failure to be in compliance with the new act can result to fines of up to 4% of annual global turnover, or EUR 20 million, depending on whichever is the greatest. GDPR is set to affect most sectors, here we look at how the legislation impacts on the collection of guest surveys.
With only a few months until the new Data Protection Act comes into place on May 25th, many organisations are already in the process of undertaking the actions necessary to safeguard personal data to avoid the financial repercussions that could result from lack of compliance. Failure to be in compliance with the new act can result to fines of up to 4% of annual global turnover, or EUR 20 million, depending on whichever is the greatest. But before we go to even more depth, let’s firstly begin by defining what GDPR is.
What is GDPR?
The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal data. These categories include health data, information on individuals’ racial or ethnic origin, political affiliations, religious beliefs, genetic and biometric data and sexual orientation.
With an incredible amount of information that companies store about their consumers, from basic contact details through to credit card information, GDPR aims to give consumers more control of their own data and improve levels of compliance.
It is essential for organisations involved in the processing of personal data to be able to determine whether they are acting as a data controller or as a data processor in respect of the processing.
- The Controller – determines how and why personal data is processed
- The Processor – handles the processing of the data
GDPR and consumer survey organisations
GDPR affects almost every industry that handles personal information in particular consumer survey organisations as this relies heavily on consent i.e. how will you go about gaining consent without having to go through a substantial amount of work? This article is designed to give you a quick overview of how GDPR affects guest feedback surveys.
Why collect guest feedback?
Customer feedback is important in most industries, especially in hotels as this is one of the most competitive industries, and businesses in the hospitality sector are constantly looking for ways to stand out. Feedback gained from guests allow managers and their colleagues to review the feedback, act to strengthen their advantages and to correct any problems.
When it comes to GDPR, consent is one of the main focal points to get right and hotels can often get confused about whether surveys require consent from their guests. It is important to note that if you are using a third party organisation to collect guest responses, that your “processor” has updated their privacy and security policies in consideration of GDPR.
Define purpose of survey and consent required
One of the first things hotels need to be clear about is what the survey is used for and its purpose. Once this is defined, hotels can then work out what sort of consent they need from guests – whether this is “unambiguous” consent or “explicit” consent.
This should include, but is not limited to the following:
- What information is collected from the survey
- Where information is stored
- How information is used – purpose of data
- If information will be shared
- How to access data
If you are planning to use customer feedback generated from the survey as an online review on the website, then unambiguous consent is required.
Why is this required?
What many do not realise is, online reviews is a form of marketing and does not count as a legitimate interest. This means, you’ll have to get consent to use peoples’ comments on your site. As your customer feedback is probably not sensitive, you only need get unambiguous consent to display it in public. This means there’s absolutely no doubt that the customer understands what you will do with their data.
When you need explicit consent
If you deal with sensitive data such as race, religion, sexual orientation, political affiliation, and health status, you need to ask for explicit consent to ask for feedback, at the first point you first collect data.
Personal data should be:
- Processed lawfully, fairly and transparently;
- Collected for specified purposes, and not processed for other purposes;
- Just the right amount of data for the task at hand – not too much, but enough to do your job accurately
- Accurate and up to date;
- Kept no longer than necessary;
- Processed securely
Complying with GDPR may seem a huge task to do. But in reality, it’s something that can be used to your advantage, adding value to your hotel and to build meaningful relationships with your customers. Just remember that when you do ask for feedback, be completely transparent that you’re doing so to make improve customer satisfaction and you won’t be surprising them by adding them to your e-marketing lists, unless otherwise specified. Trying to ensure that personal data are properly collected, managed, stored and retained will require a considerable overhaul of current operations.