If you have, like me, a vacation rental business for which you have launched online websites where people can book your rentals (SaintBarth.com and RealBali.com in my case) or even if you just have a humble blog with a newsletter (Case in point: RentalPreneurs), then you know that that EU’s new General Data Protection Regulation (“GDPR”) is affecting you.

This new regulation goes into effect May 25, 2018.  There are plenty of websites explaining what GDPR is about. Here, I will only focus on the actions that can be taken to address it, if you are a small business pressed with time.

GDPR: Careful disclaimer

Please note that I am not a lawyer, but that I have researched solutions that went as far as possible for a small online vacation rental business.

This law is intended for the Facebooks and Amazons of the world, but if you collect users’ personal data (e.g. first name, email address, IP address) either directly, for instance by adding them to your newsletter, or indirectly, for instance by using Google Analytics, then you have to act.

Why did I choose to take action?

My business is located in my home island of Saint Barthélemy, a French overseas territory that is actually outside of the European Union. Yet, I have clients and online subscribers who are EU citizens, so I had no choice but to act.

Also, as a marketing specialist, it would be weird for me to ignore the consequences of a law majorly affecting marketing tactics. I had to go through it to better put myself into your own shoes.

RentalPreneurs.com & GDPR: Divide and conquer

For my blogging and consulting business, i.e. RentalPreneurs.com, I needed:

• a privacy policy reflecting all the tools I was using and what they were doing, from Google Analytics to my newsletter,
• a cookie management tool that would list all the cookies present on my site (I had no idea I had so many!) and let users give their consent to being tracked by said cookies,
• a way to get explicit consent from my EU newsletter subscribers (Some of my subscribers got enrolled into my list after I offered them a free marketing report, and this is not enough anymore to be considered “explicit consent”).

1. Privacy Policy: Iubenda

I used iubenda.com to have my privacy policy created (You can see it here: rentalpreneurs.com/privacy).

How it works:

• It is super smart and super fast: All I had to do was enter the name of the tools that I was using (e.g. Google Analytics, Mailchimp, Leadpages) or what I was doing (e.g. a newsletter collecting email address and first names).
• Iubenda then classified these tools under several categories: Analytics, Content Commenting, Landing pages, etc..
• Iubenda did the whole background work of gathering and listing within my privacy policy the links to the respective privacy policies of the tools that I was using (I would never have been able to do that).
• The privacy policy is then generated and available in many languages.
• You can integrate it to your site in several ways. I chose to embed it with my existing Privacy page.
• Note that it is this is a living document: Every time one of the tools you are using modifies its own policies, your privacy policy gets updated. Similarly, you can add / remove tools within the iubenda interface, and your policy page gets updated.
• Cost: Free for basic, $27 per year for Pro version (I took the pro version)
• Offer: 10% off your first year if you click on the following link: iubenda  – Disclosure: affiliate link – I include it so that you can get 10% off, I am fine if you go directly to iubenda.com and pay the full price 😉

2. Cookie management: Cookiebot

This is one was tougher to find, but I was really happy that I took the time to discover it. It actually made me aware or reminded me of how many cookies get dropped on users, even on a simple blog like mine.

For instance, I had forgotten that I had embedded Instagram images within an article dealing about instagram marketing for vacation rentals. Boom, one more cookie on your browser, with the compliments of Instagram!

I had not only to list all these cookies, but also to find a way to ask for the consent of my readers to get tracked by these cookies.

Enters cookiebot.com. Here what it does:

• It scans your website to list all the cookies you have (this is how I found about Instagram and several others. Note that it also made me reflect on one popular blogging tool, that was free to use, but that set up loads of cookies on my readers’ devices, so I got rid of it. Thanks GDPR!).
• It generates a cookie declaration with descriptions on every cookie found on your website (and to what country the data is sent out to, which is demanded by GDPR. Again, I would not have been able to do that on my own).

 

• It groups your cookies into several categories:
  • Necessary (cookies that your website needs to work, for instance to maintain a user session)
  • Preferences (cookies that enable you to personalize content on your site)
  • Statistics (cookies like those from Google Analytics)
  • Marketing (cookies like the one from Instagram that enables to do remarketing, for instance)
  • Unknown (cookies that you need to categorize as unknown to cookiebot’s database)

• Cookiebot will then:
  • Create a cookie policy disclosing all that info. Just like iubenda, this is a living, dynamic policy page that can be edited easily (see: rentalpreneurs.com/cookie-policy).
  • Display on your website a toolbar that will inform users of the presence of these cookies.You can choose to just inform users or to ask for their explicit consent (which is the law after May  25).
  • User can tick if they are ok with cookies from the different categories (e.g. Statistics, Marketing).

• Technical aspect:
  • Easy: Cookiebot has a WordPress plugin that made it easy for me to display the consent banner
  • Not so easy: I had to ask someone to get into my site code so that each and every cookie making tool was subject to each user’s cookie management preference (I went to Upwork to find a WordPress freelancer, that was fast and under $150).

3. Getting explicit consent from my email users with Mailchimp

This one was not expensive, as I only had to use my emailing management tool MailChimp, but it is the most frustrating one.

If you are a member of my list, it is because you have joined through a form on this website. Most often, I give away a free marketing report in exchange for your email address. This is a proven marketing technique built around growing a list of leads using “lead magnets“.

My goal has always been to have a small, targeted list, rather than the biggest people. For instance, opting out is super easy: If you are not interested anymore, I understand it, feel free to leave the list. Makes sense for everyone.

Lead magnets, not a direct source of newsletter subscribers anymore

Now, as Amy Porterfield explains in this very detailed article about GDPR and Online Marketing:

• The only lawful basis for adding someone to your marketing email list under the GDPR would be consent, and the GDPR requires that consent be freely given, specific, and unambiguous.
• This new standard means we can’t automatically add everyone who grabs one of our lead magnets to our general marketing email list.
• The new consent standard applies to your EXISTING list. If you can’t show that you have the right kind of consent from people who are already on your list and to whom the GDPR applies, then you cannot email them any longer beginning May 25, 2018.

Taking action with Mailchimp

So, it means that I have to change my marketing sequence for future subscribers, which is fine and easy to do: I have created 2 lists, 1 of lead magnet users and 1 of newsletter subscribers, and make it explicit to users that they can opt to jump from one list to another. I will make it the explicit consent mandatory for everyone, it is just more simple and hopefully futureproof.

Now, for EU people already in my list, I had to:

• Segment them within Mailchimp (I actually put in there everyone in the GDPR countries and the people whose country the tool could not guess).
• I emailed these people several times, trying to add some value with my content, explaining what GDPR was about and why it would be great if they gave me their formal consent by updating their profile.
• I created another segment within Mailchimp, of GDPR people who had given me their consent.
• After May 25, I can only email to people who are either in non-GDPR countries or have given me their consent.

Bonus: GDPR Tracker for your whole business

I have just described what I did for my blogging and consulting business. It may not be perfect, but it allows me to comply with most of the law. I doubt that, for the moment, most bloggers would go as far.

Now, for my vacation rental business, where I also have names and records of past and current clients, I had to do more. For instance, GDPR also implies that you document other things, like data flows, and follows some procedures like naming a person responsible for overseeing data (this person being me, of course, in a small business like mine!).

Other online entrepreneurs helpfully pointed me to GDPR Tracker. It is a solution that helps you do all the processes step by step, generating PDFs when you need them. For an online blogger, it is 80% too much info, for a medium size business, it is very interesting.

Cost: GBP299 per year on the official site: GDPR Tracker.
Note that AppSumo has a deal at $49 for GDPR Tracker (deal is here – no affiliate link here – but you have to become an AppSumo member).

GDPR & VacationRental Marketing

I hope that this article about GDPR and vacation rental marketing will have been helpful to you. For small businesses, I believe that the key is to show that you care about the law and that you use ready-made services that will not cost you a fortune. Interpretation of the law may/will change, so take it seriously but do not overspend.