ao link

You are viewing 1 of your 2 articles

To continue reading register for free, or if you’re already a member login

 

Register  Login

Viewpoint: GDPR – time for a spring clean

With the new General Data Protection Regulations approaching fast, it's time to start deleting your customers' dodgy data, says Peter Ducker

 

No one likes receiving unsolicited emails or spam, although dislike is probably putting it too strongly. Unwanted emails simply sit there unopened or are deleted automatically. Harmless enough? Not necessarily for the senders. Companies that do not respect the wishes of past, present or potential customers are already liable for fines, but the penalties are set to climb much higher thanks to the introduction of EU General Data Protection Regulations (GDPR) on 25 May.

 

Morrisons, Honda, Flybe, Islington Council and Carphone Warehouse have recently been fined for either being careless with the personal data they hold or for sending millions of emails to people who had previously told them they no longer wanted to receive marketing messages.

 

Under GDPR, which will replace the existing UK Data Protection Act, fines will jump from the current maximum of £500,000 or 1% of annual turnover to €20m (£17.8m) or 4% of annual global turnover.

 

Last summer, pub chain JD Wetherspoon decided to delete its entire emailing list. Observers speculated that the group might have lost track of which customers had given consent to be emailed for marketing purposes, and which hadn't. The chain had suffered a data breach in 2015 when a third party stole the personal data of more than 600,000 customers.

 

With GDPR less than three months away, companies clearly feel increasingly uneasy about keeping large amounts of data of uncertain value. Wetherspoon chief executive John Hutson suggested that email was not an effective marketing method anyway because many consider it "intrusive".

 

In order to be GDPR-ready, companies need to carefully go through all of their data; check exactly what they have, why they have it, and what they need to do with it in order to be GDPR-compliant.

 

The GDPR puts the onus on companies to actively seek specific permission from individuals to use their personal details, such as emails, phone numbers and postal and IP addresses. Relying on preticked boxes or inaction (ie not unsubscribing) will not constitute consent.

 

Furthermore GDPR applies the principle of "purpose limitation", under which personal data must only be "collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes".

 

A hotel that has amassed the contact details of all its previous guests, for example, cannot send marketing messages to them unless it first has their permission.

 

Although preparing for GDPR may seem onerous, it is an extension of legislation that already exists and is intended to prevent sloppy and potentially dangerous practices. Businesses can tend to hoard data. You may be surprised by how much data you hold that is out of date or of no use to your business at all. Carrying out a data spring clean may actually make you feel good!

 

Peter Ducker is the chief executive of the Institute of Hospitality

 

Videos from The Caterer archives

 

 

Are you looking for a new role? See all the current hospitality vacancies available with The Caterer Jobs

Social Media Summit 2024

Social Media Summit 2024

Hotel Cateys

Hotel Cateys

Best Places to Work in Hospitality 2025

Best Places to Work in Hospitality 2025

Queen's Awards for Enterprise

Jacobs Media is honoured to be the recipient of the 2020 Queen's Award for Enterprise.

The highest official awards for UK businesses since being established by royal warrant in 1965. Read more.

Jacobs Media

Jacobs Media is a company registered in England and Wales, company number 08713328. 3rd Floor, 52 Grosvenor Gardens, London SW1W 0AU.
© 2024 Jacobs Media