The General Data Protection Regulation is a big deal for all businesses. If you’re responsible for marketing a hotel chain, individual property or any event venue, it’s critical. For you, a data breach would damage your revenue and your reputation.
When people walk through your doors and hand over their personal details, passports and payment cards, they’re actually giving you something priceless – trust. You know a lot about your guests: their comings and goings, their home address, travel plans, preferences, favourite cocktail. That’s quite a personal profile and it’s exactly the kind of sensitive PII (personally identifiable information) that, if you lose it or leak it, will command the biggest penalties under GDPR.
But the larger risk for those in the hospitality business is not the financial penalty; it’s the damage to our reputation, the loss of hard-earned customer loyalty.
That’s why, as business leaders, all of us have prepared for GDPR. If we handle any personal data from EU citizens or residents, we’re now compelled to keep it private and secure.
But if you’ve been in MICE marketing for a while, this isn’t your first brush with compliance. Since Cvent’s founding in 1999, we’ve worked with ISO27001, Soc 1 & 2, PCI, the Data Protection Act, Privacy and Electronic Communications Regulation, Privacy Shield and (soon) changes to e-Privacy. Regulation is a thing we deal with day in, day out.
GDPR is about trust
At Cvent we’ve come to see regulation not as a challenge but as an opportunity. Every new wave is a chance to raise our game, do more than we’ve been asked to do before, jump higher. Like with PCI – we went all the way to Level 1, when at the time, Level 3 would have been enough to do as required. Why? Because when regulators raise the bar, it’s usually a way of telling us that our customers need something from us, and we always want to over-deliver against our customer’s needs. GDPR is telling us our customers need us to respect their trust. We embrace GDPR to show customers we are dedicated to honouring that trust.
Venue selection under GDPR
Let’s talk about you and your MICE customers – event professionals and delegates who will be guests at your hotel during the event. Both parties need to trust that your hotel will store and manage personal data with a commitment to privacy and security. Consider the delegate lists your hotel staff use to store and share guest details. Under GDPR, these must be stored safely and encrypted, not captured in spreadsheets, emailed between parties or passed around on paper. Take the opportunity to demonstrate that you as a venue partner are responsible and compliant, with strong security measures and processes in place.
Automation reduces risk
Automating your processes with Cvent is one way to demonstrate to event organisers that you are helping them cut their risk of mishandling PII. Thousands of event planners rely on our end-to-end event management platform, in part to reduce the risk involved in managing data. They know their delegate data is handled securely across both our platform and the dozens of other room booking and CRM systems it integrates with. They also know that Cvent has modified our products and systems to ensure we meet new GDPR requirements, in line with our consistent commitment to security, privacy, transparency – and trust.
GDPR and your technology suppliers
GDPR compliance hasn’t been easy for Cvent. It’s a high standard to achieve, particularly as there are still many grey areas. Fortunately, at Cvent we have a number of assets that have served us well during this effort: technology and data expertise, financial resources, an all-hands-on-deck mentality, high quality legal counsel, and an understanding that GDPR compliance is a matter of maintaining customer trust.
Running a hotel or other meeting venue requires engaging a number of third-party suppliers and that often means sharing guest data with them. Under GDPR, it’s your responsibility to keep your guests’ data private and secure throughout the chain. If one of your suppliers leaks that data, it’s your responsibility. Given all that is at stake for you, your guests and your customers, here is my advice: if a supplier can’t reassure you about GDPR, find a new supplier.
Of course, GDPR has a lot to do not only with how you manage your events, but how you put your hotel in a position to win the business in the first place. Which brings us to GDPR and marketing. As a Cvent marketer, I’ve accepted that GDPR’s rigorous consent stipulations might mean fewer leads in our database, fewer prospects in our pipeline, fewer sales conversations. After all, asking people if they want to hear from you means you risk some of them saying “no”. But again, consider the GDPR silver lining. We’ll engage prospects who want to have conversations with, people who have invited us in, who see potential value in the products we offer and a potential partner in Cvent. That is a great place to start to build trust – and business.
You and your marketing colleagues will experience the limits that come with GDPR as you seek to engage event organisers and grow your MICE business. But we think you’ll find compliant sourcing platforms like ours even more valuable for promoting your venue to the thousands of planners who convene there. You’ll have that same opportunity to engage prospects in the knowledge that you have proper consent and they’re genuinely interest in what you have to offer. Under GDPR, your marketing can be even better.
Understanding GDPR in this spirit, I hope you join me in welcoming the arrival of GDPR and looking forward to a future of more privacy and security for data, customer trust, and MICE business growth.
This post is written by Chris McAndrews – VP of Hospitality Marketing at Cvent.