If you’re a member of the hospitality sector, on May 25, 2018, you will have to comply with the new General Data Protection Regulation (GDPR) when it comes to the handling of customer information.
The ruling is mandatory for any group that hosts data from or communicates with citizens in the EU. Businesses that fail to comply with the new legislation risk fines of up to €20 million (£17.5 million) or 4% of their annual turnover, whichever is higher.
The scramble for GDPR compliance has well and truly begun and restaurants should be well-versed in what the new rules mean for their collection and use of data in various forms.
It all sounds very daunting, but GDPR needn’t hold your restaurant chain back in the short or long term, despite what the headlines may suggest. For instance, here are two myths debunked from the off:
- GDPR means you cannot collect data about customers
First of all, GDPR compliance does not mean you cannot use data for marketing purposes. Businesses are simply being asked to make sure that customers are aware of what is being collected, as well as what it’s being used for.
Customers also need the opportunity to opt out of being part of your database, feeding into their “right to be forgotten”.
- GDPR only applies to large databases
Even restaurants with a small amount of user data are required to ensure that they have the consent to use it. Any group that collects data from their customers must comply with GDPR, regardless of how much is being stored.
Getting your restaurant set for GDPR
There are so many other myths that could be dispelled, but we’ll focus on the aspects that will equip your restaurant going into May 25. Our top tips are as follows:
- Gain customer consent
All businesses that engage with customers and have a loyalty programme need to gather consent to communicate with their audience or send personalized offers. Customer engagement platforms make it easy to gain consent, with some reminding customers to give permission through SMS and emails in the registration phase.
Some platforms go a step further in their protection of businesses by preventing users from earning and using benefits if they haven’t given their consent. This gives business owners the peace of mind, knowing that all customers will likely give their consent due to this value exchange adopted by many groups.
- Create transparency
Under the new regulation, users have the “right to be forgotten” and have their personal data removed from record. You can waste precious time trawling through your records and exporting individual files, so it’s important to have a process already in place for picking it out.
Customer engagement solutions can make easy work of this by reducing the time it takes to export data, allowing you to deliver information on request.
On the topic of policy, you should craft something which lays out exactly what data you’re gathering and for which causes. After getting consent from the users, everyone will know where they stand.
- Understand how you gather data
GDPR represents an ideal time to get yourself acquainted with how data is added to your system. It’s easy to forget things like table booking platforms and EPOS devices when it comes to sourcing examples of the data you collect. Like with your policy, this is with a view to making everything transparent in the long run.
- Present the opportunity to opt-out
A key rule of GDPR is that any customer has the right to have their data removed from your system. One way of streamlining this process is to use a customer engagement solution which creates the ability for people to opt-out of having their data collected. Customers can then request this via your app, website, or another channel.
6. Make compliance a team effort
GDPR may seem complex and ‘techy’, but it shouldn’t be left with your data specialists alone. Compliance may require input from lots of members of staff, like your loyalty, sales, and branch managers.
It’s likely that each may use data in a different fashion, which makes it important for them to help with the study of GDPR and the changes to your policies.
- Verify age requirements
GDPR states that every customer joining an online service must be 16 or older. Restaurants can comply with this by providing a button within their apps which people can use to verify their age. When collecting data from within a restaurant, this should be done by a member of staff prior to registration to the loyalty programme.
Turning GDPR into an opportunity
GDPR may seem like a worrying proposition, but it also presents an opportunity to create a sensible, transparent policy which makes your customers feel safer about the ways in which you communicate with them. Customer loyalty is a goal that many brands are aiming for and creating a bond of trust through clear and fair policies for subjects like data is a great place to start.
The right customer engagement platform can make the process a lot easier by taking care of some of the heavy lifting in exporting files and providing opt-out functions among other tasks. You’re then completely in-line with the law and without this having a drain on your resources.
Click here to find out more ways to enhance your customer experience while complying with GDPR.
Posted by Lina Hanin
Lina is in charge of Como’s product strategy and roadmap. She has more than a decade of experience in product management, as well as a vast understanding of international retail businesses. Most recently, Lina served as a Senior Product Manager at the retail division of NCR, a global leader in high-tech solutions for retail transactions.