New Law Could Cost Your Travel Company Up To €20 Million in Fines


If you’re a travel company owner, a new law will deeply affect your ability to grow in the European market. It could lead to thousands or millions of dollars in legal fees and fines if not handled carefully. In the next three minutes, I’ll show you what you need to know and how to prevent a marketing and business nightmare for your company.

Usually, I don’t talk about legal stuff on this blog. My expertise is in marketing, strategy and copywriting, not the law. I didn’t study international law and I’m certainly not going to start.

I'll repeat this for clarity: I'm not a lawyer. Consult a legal professional to make sure your company complies. I discovered this law would impact my business and realized many weren't aware of this.

The new European Union (EU) privacy laws, known as General Data Protection Regulations (GDPR) affect everyone though, not just European companies. I’ve had to change how I do things in my business, and you might need to as well.

As I understand the law for my business, if I use any personal information from an EU citizen, I need to comply with GDPR. Personal information can be as simple as a name or email address.

What does this mean for travel companies, especially those who’ve spent years building a list of interested parties?

There are two areas of importance for GDPR and travel companies.

Proof of Permission

If you gather information from any citizen of the EU, you have to show proof they gave you permission to use it how you intend to use it. Gathering business cards at an event and then enrolling them in your automated newsletter isn’t good enough. You have to show proof they said it was okay to send the newsletter.

The same holds true for past purchases. Even if a person has been a guest at your property before or participated in a tour in the past, it doesn’t mean they want to keep hearing from you. And the burden of proof is on you. Unlike many laws we see, there’s no “grandfather clause.”

​GDPR goes into full effect in May 25, 2018, and you will be liable for showing every name on your list gave you permission to message them after that date.

​Explanation of Use of Information

A tried-and-tested method for gathering emails of visitors to your travel site is to offer a valuable download-like a map of the area of your hotel-and then add them to your email list. That won’t be the case anymore with GDPR. Travel companies need to tell individuals how their information will be used-for a newsletter for example.

Under GDPR, travel companies that receive an email address from an EU citizen for a download do not have consent to send other messages. Another message or checkbox where they give permission to receive the newsletter is required as well. This extends to every new campaign you send.

Again, I’m not a lawyer, and you are responsible for gaining the right permissions for your email list. If you want more legalese explanations of how GDPR might impact your business, check out GDPR: What Europe’s New Privacy Law Means for Email Marketers  for a general overview. A generic hospitality industry overview is at “GDPR-Advice for the Hospitality sector” and a more recent and hotel-specific article is “GDPR and the hotel sector: what you need to know today.”

GDPR: Travel Companies Have Opportunity for Engagement

Some may view this as a legal nightmare and a headache waiting to happen. Or you could view this as an opportunity to provide an even better experience to your list. There may be hundreds or thousands of names on your email list that aren’t engaged. Individuals who haven’t interacted with your brand in months or years.

Your expanded email list can be narrowed down to highly engaged people who are very interested in your travel company. With your new and improved list, you can improve the ROI of campaigns, create more targeted campaigns that appeal to smaller segments and improve the overall satisfaction of your email list.

This starts with a re-permission campaign. A few simple messages you send out to your entire list to verify they want to hear from you. You can choose to only send this to European names, but I’d recommend sending to your entire list.

You’ll discover the most engaged segment of your list. These are people likely open to making a purchase decision soon. You’ll also discover who isn’t reading your messages. If they aren’t reading your messages, you don’t want to be spending time, money and resources on them that could benefit other people on your list.

Some may say their list will be significantly cut with this method. This is true. You'll have a higher quality list and this isn't a downside. This new list will be full of engaged people, ready to interact with your company. Avid fans are better than uninterested names.

Is your company prepared for GDPR? Sign-up before February 5th for a free strategy session where we'll discuss GDPR and what it means for you.  Receive a 30% discount off the re-permission campaign package when you mention this post (Only offered for the first three companies that qualify). Sign up at a time that works for you to see if you qualify! 

Spread the Word
Click Here to Leave a Comment Below

Leave a Comment: