GDPR- A Revolution Paving the Way for Better Developments?

Since 25 May 2018, companies are required to comply with the GDPR. What does this change, and what are the challenges in terms of personalisation? Here we take a look at a case study involving Accor where the findings are more than conclusive.

While the General Data Protection Regulation (GDPR) that came into force on 25 May last year may have been seen as a constraint, it was, quite the contrary, seized as an opportunity by Accor according to Chief Digital Officer, Maud Bailly. "It will allow us to implement intelligent personalisation," she explained.  

For over a year, hundreds of people have been involved in preparing for RGPD compliance. New positions have been created, such as that of Chief Data Protection Officer, educational materials have been produced, and awareness lectures organised; all under the auspices of our sizeable legal department. The aim was "to make all our employees who handle personal data aware of their responsibility," explained Maud Bailly.

Indeed, by working on consent forms – one of the major new elements introduced by the GDPR with data portability as well as the traditional right of access, right to rectification, and right to be forgotten - the group intends to use this digital transition to practise responsible use of data.  

The challenge is considerable, as the use of this data will make it possible to provide hotel offerings that are more personalised, without which, according to the consulting firm Accenture, travel agents could lose 212 billion dollars (source white paper Beyond Points).
"For me, personalisation is going to be our key differentiating factor," Maud Bailly declared in an interview for Les Echos, going on to point out that this personalisation will be based on two things: an enriched offering and a strategy to redesign and develop the group's loyalty programmes. Indeed, under the guidance of Sébastien Bazin, Accor has been further strengthened with new hospitality brands covering a broad range of high-end offerings precisely tailored to a wide array of clients. The group has also expanded its services offering (coworking, catering, entertainment and similar) to set itself apart from its competitors.  

Digitalisation, the use of data and the introduction of the GDPR are very much at the core of the Accor Group's loyalty programme redesign strategy. "Our members tell us that what they prefer is being known and recognised," explained Maud Bailly. "We therefore have to be aware of their personal interests, gaining an understanding of what they like and their preferences. At Accor, guests now have the option to use their points not just for a night's stay but wherever their preferences lie: a concert, a sporting event or a trip on the Orient Express," stressed Maud Bailly.  

In line with Accor, the hotel industry took advantage of the introduction of the GDPR to raise a range of questions related to personal data management, all the more since this sector appears to be that most affected by personal data breach. Out of 742 personal data breach notifications identified by the CNIL between 25 May and 1 October 2018, 185 involved stakeholders in the hospitality industry.

And what about the potential introduced by Article 20 of the GDPR concerning data portability - namely the possibility for customers (subject to their consent) to have information passed on to various interconnected stakeholders in the business tourism sector (travel agencies, transporters, hotels and similar)? This would greatly simplify the life of the business traveller. The new regulation is just the tip of the iceberg, opening up broad areas of opportunity for the future.