GDPR And Its Impact On Your Hotel Website & Online Marketing

By 80 DAYS | March 2nd, 2018

GDPR Hotel Websites

The General Data Protection Regulation (GDPR) is a new EU regulation that will come into effect on the 25th of May 2018. The regulation is designed to give people more control over how their personal data is used, and any business operating in the EU is required to be compliant with GDPR’s rules.

What action is needed to bring your website & online marketing up to spec?

80 DAYS has undertaken some investigation of the new regulations and how this may impact our customers’ websites. The following notes & recommendations are based on our best understanding of GDPR. However, we feel it important to add a caveat that we are not authorities in Privacy Law and we would recommend you seek further legal advice if you are concerned about how your organisation handles personal data.

1. Identify your Data Controllers and Data Processors

A “data controller” is any organisation that holds personal data about EU citizens (e.g. your customers’ names, etc.). A “data processor” is an organisation involved in processing & storing that information on the controller’s behalf. Under GDPR, both controllers and processors can be held liable if there is a data breach and so both need to adhere by the regulation.

2. Explicit & Active Opt-Ins

Under GDPR, customers must explicitly opt-in to having their details stored and understand what they are being used for.

Under the new regulations, consent is now also defined to require an obvious and positive action to opt-in. For example, enquiry forms with a checkbox to receive a newsletter should be unticked by default, assuming that unless the user selects this they do not wish to opt in.

GDPR Hotels Explicit Opt In

There are some exceptions though – if it is necessary a customer supplies details in order to complete an action, then their consent is implicit (for example, it’s a given that you’d need to store a hotel guest’s details from their booking so that you have it when they check-in).

3. Use of cookies, and more specifically Google Analytics & AdWords

The GDPR regulations do not make much mention of cookies, and there is already EU legislation in respect to cookies that was introduced in 2011. In brief, if a cookie can be used to identify an individual then they should have provided explicit consent for it to be used. For Digital Marketeers the good news is that most of the tools at our disposal use anonymized data and are therefore unaffected by GDPR.

For Google Analytics, which most websites use to track visitors through the use of cookies, it is not possible to single out an individual. Therefore, no changes under GDPR are necessary.

Similarly, for advertising via Google AdWords, most data is anonymised and so no changes are needed to be GDPR-compliant. The slight exception to this is Customer Match advertising (i.e. where ads are targeted toward a defined list of email or mailing addresses); if you are to run this form of advertising, then customers would have to have given explicit consent for their personal data to be used in this way.

4. Privacy Policy updates

The Privacy Policy on any website should provide information about what data you are collecting about website users (either through cookies, freely provided by the user, or through other means) and be transparent in explaining what is being done with this information.

We would always advise that the Privacy Policy of your website is reviewed by legal representation to ensure this meets with new regulations.

In Summary…

For businesses that are already treating their customer’s personal data responsibly, GDPR should require just small changes in current practice. Ensuring that the personal data you hold is only being used in ways which the individual is aware of, has approved and that it is being stored securely, should help prevent you falling foul of the new regulations.

If 80 DAYS can be of further assistance in updating your website/marketing activities accordingly, please contact your Account Manager or



80 DAYS is a creative & digital marketing agency, specialising in the luxury travel sector. Working extensively with unique luxury hotels & international hotel collections, we have an in-depth knowledge of how luxury hotels work and the marketing strategies to employ to achieve the greatest results.

Newsletter Sign Up