GDPR and the pub
With a few notable traditional, unbowed exceptions, it’s rare to find a pub these days that has no WiFi or social media presence.
Since it came into being, WiFi has been very close to the top of the list of ‘must haves’ for consumers visiting a pub.
And it has been said that providing poor WiFi is worse than providing none at all.
Reliable, fast WiFi is a minimum consumer expectation these days and hospitality outlets should now be concentrating on how they re-invest in and make more use of their WiFi and social media whilst also being mindful not to contravene the soon-to-be-introduced General Data Protection Regulations.
Social media & marketing the pub
That “lost to the pub” generation of 18 to 35 year-olds are particularly attached to their WiFi-dependent accessories. They use them – almost exclusively – to communicate, gather news and get the lowdown on where they’re going for their night out via social media.
WiFi and social media have also become one of the tools that a pub makes use of to become significantly more attractive to this demographic.
But the developing technology is ever-evolving so it can also bring with it its share of challenges.
For example, how secure is your network from hackers? A reasonable question.
“That falls back to the proprietor engaging with people who know what they’re doing and setting this up properly and securely” believes Eoghan Comerford at Netspeed, a high-speed Internet Access services support company for hospitality outlets and public areas, “It’s up to the proprietor and the WiFi installer to take all appropriate steps to separate the administration network from the guest WiFi.”
Failsafe IT’s Gary McNamara provides a professional and complete IT service to Irish businesses.
He puts it succinctly: “Separate the networks with a router, a vlan or separate broadband line”.
Data – the new “oil”
Through WiFi in the pub it’s possible to generate marketing data for the business, provide streaming services for clients, better encryption for security and target repeat users with advertisements.
The data collected from having their customers register with the premises for access to its WiFi helps pubs to really understand their customers as well as giving them the ability to create entirely personalised communications, only talking to customers about their interests, according to Julian Ross, the Managing Director of Wireless Social in the UK.
In the latest issue of Future Shock, the third in the series of reports on the hospitality industry in the UK from ALMR & CGA, he wrote, “Data advances mean that operators now have no excuse for sending out content that’s not adapted to customers’ own interests.”
He also points out that, “Operators need to be open and honest about their guest data use. On the whole, guests have no issue with a favourite venue of theirs using their profile to send timely and personalised messages. What people don’t like is being hoodwinked into providing their personal information only to be e-mailed about offers that are irrelevant to them from a database they believe they never signed up to in the first place.”
General Data Protection Regulation is designed to prevent this from happening.
Data – the new “oil”.
GDPR compliance
While the expectation of being able to access free WiFi in the pub unencumbered by codes or passwords is there, the gathering of e-mail addresses has tended to be the price the customer has had to pay for entering the pub’s portal.
e-mail details are taken with a view to downstream marketing but the imminent arrival of the General Data Protection Regulation to protect an individual’s data and privacy within the European Union will addresses the export of personal data outside the EU.
GDPR regulation is going to give everybody a sharp wake-up call, agrees Eoghan Comerford.
“Some of it is going to be overkill, but it will be necessary if you want to be GDPR-compliant,” he warns.
From May 25th companies will need to be up-front about the data they’re collecting and how they intend to use it to avoid substantial fines or a legal action.
“As a new rule, guests will also have the ability to edit data that is held about them,” says Julian Ross, “We think GDPR offers an amazing opportunity for those operators who communicate effectively to their customers.”
With GDPR legislation making data laws stricter, it’s time for publicans to scrutinise their terms and conditions for WiFi access and update their privacy terms with a very clear statement of what data they’re collecting, for what reason and how this data will be used,” advises Jeff Sheridan, Managing Director of Matrix Internet, a full service digital agency specialising in User Experience, Social Media, Web Development, Graphic Design, Programming, E-commerce Strategy and Digital Marketing, “Clear opt-in check-boxes along with instructions on how they can opt-out at any time need to become a part of the process,” says Jeff, “One of the biggest changes from the previous Directive is that individuals now have a right to access the information a business holds on them and if requested, they need to supply it to them within one month. This includes any personal data captured during the sign-up process for accessing WiFi at a pub’s business location.
“Unless users consent to their data being used for marketing purposes, this practice will no longer be possible. So we suggest two separate opt-in checkboxes to be put in place – one asking permission to market and the other for data consent. For the latter, we suggest publicans gather as little data as possible because the more data you process, the higher the chance of non-compliance becomes. Remember, all businesses including pubs will need to have a legitimate reason to capture user data.
“One more thing to look out for is using social sign-up processes,” he concludes, “If users are prompted to sign-in with facebook to join a pub’s WiFi network, it’s probably safer for the businesses because it removes the need to store personal data from the business and transfers the GDPR compliance responsibility to the federated identity provider – in this case facebook. So as long as the business is not storing any data received from these social logins, any risk of non-compliance is mitigated.”
