GDPR preparations

Here we plan to keep you up to date with what we're doing in preparation for the GDPR.

ResDiary stores a lot of data which we use to make things better for our customers. We’ll be making some changes to how data is managed by ResDiary, and used by our customers, to make sure we’re compliant with the GDPR.

Before we begin

The GDPR defines who owns what data, and in what situation. We understand it’s a bit of a minefield, but don’t worry, we’ll explain it to you.

First and foremost, the data controller owns the data, while the data processor processes it on behalf of the controller.  

This means that when a booking is made via, ResDiary is the data controller and is responsible for tracking a customer’s marketing preferences. When bookings are made for your venue using ResDiary technology on any other digital platforms, then the venue (you), or partner, is responsible for tracking a customer’s marketing preferences. 

What is ResDiary doing to prepare for the GDPR?

Phase 1

This is a work in progress. Some of the following features have been delivered and some are coming soon.

Updating the T&C's and the Privacy Policy

ResDiary’s Terms and Conditions will be different from a venue’s T&C’s. Under the GDPR, a Privacy Policy must be easy to read, clear, and comprehensive. So we’ve updated ours. It’s more detailed, answers questions relating to personal information and data collection, and it outlines that a customer simply needs to email [email protected] to remove themselves from our database. You will need to update your T&C’s so they are in line with the GDPR.

Removing automatic opt-ins

The GDPR has pretty strict rules about pre-ticked opt-ins. These will become a thing of the past when it is implemented. Consent must be given by an affirmative action and cannot be assumed by inactivity; there has to be a human behind that tick who actively decides they want to receive marketing. We’ve already removed any automatic opt-ins. Make sure you do the same, ensuring they’re not hidden away in your Privacy Policy. We will also be changing what customers need to tick when choosing to receive marketing communications. Diners will soon need to opt into marketing from venues and ResDiary separately.

Marketing preferences landing page

Some relationships don’t last. But there’s always plenty more fish in the sea. A customer may have been to your venue once and then decide they don’t want to receive any more emails from you. The new marketing preferences landing page will create a place where users can easily edit their choices, making it easier for them to opt in and out. It will also allow users to decide what type of marketing they want to receive (email/SMS), and whether they want to hear from different locations or other branches, if you’re part of a group of venues.

Addition of new fields to customer records

You can get to know your data better. Under the new regulation, you need to know a bit more about how you obtained data. More fields will be added to customer records. We’ll be including information such as: date and time profile last updated, date and time of last opt-in, specifics of opt-in, IP address, history log of all changes to the record, and details of who made the change (ResDiary/a guest). As well as this, a feature will be built into ResDiary so when guests request a downloadable copy of any data that you hold on them, you will be able to fulfil their request. Because of this, you must be aware of what you write in booking comments.

Retention periods

Retention periods for data need to be revised. The GDPR outlines that you need to know how long you’ve kept data for, so we’ve agreed our data retention period will be 18 months. We will be giving you the tools so you can create your own retention policy. Please note that your policy may be different from ours or other venues, depending on the type of venue you are. 

Double opt-in for customer profiles

We will give you the option of using this feature. If you choose to use the double opt-in, customers who opt in by ticking a box online will then be emailed to confirm their choice to receive marketing. The advantage of this would be that you’ll know the email address is from a valid, monitored inbox and not a creepy ghost email. Plus, you may choose to use the double opt-in tool for customers who phone to make a reservation and opt in verbally. This reduces the risk of errors since you don’t want to be marketing to the wrong people.




Phase 2

This will include alerts, tips, and tools that you’ll be able to use to ensure you comply with the GDPR. The development team are still working on this, so we’ll let you know when everything’s finalised.