Strategy | Email Marketing | Tourism | Hospitality

    Ico-Reloj12 min de lectura

    A hotel CRM prepared for the new data protection law

    Written by: Galina Kulakova

    You probably already know about the GDPR – a new data protection law that will change the rules of a marketing game for the organizations that in any way deal with personal data of EU citizens.

    We have already discussed in detail what the GDPR means for the hotel sector, and in a nutshell, the hoteliers are more vulnerable in light of the new legislation due to the amount of the personal and sensitive data that they collect about their clients.

    First, let’s recap. Here are some important points about the GDPR:

    1. The GDPR comes into force on 25 May 2018

    2. It affects ALL organizations that deal with personal data of EU citizens, regardless of the physical location of the organizations

    3. Data processors and controllers have joint liability, which means significant penalties for all parties participating in data collection, storage and processing

    4. Penalties: violating data subject’s rights can come at the financial cost of up to €20 million or 4% of global annual revenue (whichever is greater)

    These are a few aspects of a complex law. In this post, we will talk about a solution. We will explain how a hotel CRM can help you prepare for the new data protection law with the example of HubSpot CRM.

    1. Data collection

    In order to lawfully collect the data, you need to receive “freely given, specific, informed, and unambiguous” consent. To get that, you need to give the individual a clear notice, explaining in a “clear and plain” legal language what data exactly is being captured, for what purposes, for how long it will be stored, who has access to it and the data subject rights.

    How can CRM help?

    Clear notice. HubSpot CRM makes giving a clear notice easier as it facilitates the process of creation of landing pages and forms. The set of tools will help you inform a user on how his data will be used, stored and processed and of their rights.

    Affirmative consent. You can truck the affirmative consent in the forms by designing an opt-in or double opt-in.

    If you are unfamiliar with the term, “double-opt-in" is a 2-step confirmation process where a user confirms his/her email address after initially signing up. The GDPR does not specify whether the double opt-in form of consent is mandatory, but many organizations choose this option as an additional protective measure in proving they obtained the required consent. 

    2. Data storage and processing

    The goal of the GDPR is to empower individuals to control their personal data. The new legislation sets strict rules for the organizations to ensure that the rights of the individuals are protected and reinforced.

    Individuals always had the right to require the access to personal data. However, with the GDPR the timeframe becomes stricter as do the penalties for violation of data subject rights.

    Individuals can request access to their personal data and the organizations are obligated to provide full information about the place and time of acquiring the data, the purpose of processing, category of personal data, retention period and storage information. Individuals can also modify their personal data by demanding data controller or data processor to correct the data.

    How can CRM help?

    Exporting Contacts. With the HubSpot CRM in place, you can easily export data from a person’s record in a user-friendly format (that is required by the GDPR). The whole process is simple and takes seconds.

    Modifying and Updating Data. The right of a person to request a data holder to modify their personal data is also protected by the current legislation, but with the GDPR the restrictions will be harder. CRM platform will assist you in editing personal data in a simple way, be it updating the email address or any other request.


    3. The right to be forgotten

    The right to be forgotten is also known as data erasure or the right to deletion. It entitles individuals to request erasure of his/her data by data controller, cease further distribution of the data and potentially have third parties stop processing the data.

    How can CRM help?

    Unsubscribe button.The emails that you send with the CRM software include an unsubscribe button, allowing your customers and prospects to send you a message indicating that they want to withdraw their consent to receiving marketing emails from you. This feature also helps companies comply with the EU E-Privacy legislation governing direct marketing.

    Email Preferences. Also, the platform provides customers and prospect with the opportunity to choose which categories of email they want to receive by changing email preferences.


    As you can see, there are many ways how CRM can help you comply with the new data protection law. Even though we do not advise you to rely on the CRM only to prepare for the GDPR, and suggest that you seek professional legal advice, a user-friendly CRM platform can and will make the process of adjustment much easier.

    The GDPR is a big change, and many marketers fear the upcoming legislation. We in Amara believe that the new data protection law is an opportunity. It is an opportunity to gain more trust from your customers by being more transparent with your marketing strategy. Yes, it will be harder to catch new leads and keep them, but the quality of those who stay will be much higher. The GDPR is an opportunity for all of us and we should see it not as a threat, but as a possible competitive advantage.

    Gte ready for the GDPR
    Tips for creating a loyalty program in your hotel

    Related resources


    Marketing Online, CRM, Hospitality

    From DPD to GDPR. The new EU General Data Protection Regulation.

    A new horizon of changes and obligations opens with the new EU General Data Protection Regulation or...

    Strategy, Email Marketing, Tourism, Hospitality

    Un CRM hotelero preparado para la nueva ley de protección de datos

    Teniendo en cuenta la próxima nueva ley de protección de datos, el GDPR, los especialistas en market...