GDPR - Don't Panic!

GDPR - G-Day Tomorrow - Don't panic!
We have had calls from a number of members concerned and confused about the upcoming changes relating GDPR. 

Firstly - Don't panic. The latest advice on the Information Commissioners Officer website (ICO) can be found on https://ico.org.uk/for-organisations/marketing/   and MWT has asked Business Wales to see if they are able to arrange a GDPR session tailored specifically to the tourism industry.
 
For now, we suggest that:

• You should have a privacy policy- updated if necessary - on your website
• Add 'Opt in' option to any contact forms you use on your website so you can keep guests informed about offers/events.
• Don't email all your contacts asking them to opt-in (see info below about Electronic email marketing)

Note - MWT Members who have websites built by ourselves will automatically have their contact forms updated free of charge over the next couple of days.
Electronic mail marketingThe most important thing to remember is that you can only carry out unsolicited electronic marketing if the person you're targeting has given you their permission.
However, there is an exception to this rule. Known as the 'soft opt-in' it applies if the following conditions are met;

• where you've obtained a person's details in the course of a sale or negotiations for a sale of a product or service;
• where the messages are only marketing similar products or services; and
• where the person is given a simple opportunity to refuse marketing when their details are collected, and if they don't opt out at this point, are given a simple way to do so in future messages.

Please click here for full guidance on marketingThe other important point to remember is that:

Your Legal Requirements

Note - The customer’s rights under the GDPR do not over-ride the requirements of other legislation
It is important to note that the customer’s rights under the GDPR don’t over-ride the data requirements of other legislation. For example, the Immigration (Hotel Records) Order 1972 requires you to record the full name and nationality of all guests and to keep this information for 12 months. As such, a guest cannot ask you to delete this information from your records until 12 months have elapsed. Similarly, a customer cannot ask you to delete any financial information you are required to keep for tax purposes.
If you're unsure on GDPR and what it means then the Visit Britain Pink Books has a nice summery from the Tourism Alliance- See here for more info