Explore Blog

Making Sense Of GDPR For Cinema Marketers

The GDPR is coming - on May 25th to be precise. You’ve likely heard that it will result in big changes across your business, but what exactly does that mean for cinema marketers? And what does it mean for your customer experience?

The GDPR - short for General Data Protection Regulation -  is legislation that should be taken seriously, but it is not something to be scared of. It is an evolution, rather than a revolution of Europe’s existing data protection policies. The spirit of the legislation is actually quite a positive one in that it is intended to bring more transparency and honesty to how companies are using their consumer data. For those of us whose customer data is a key component of our marketing strategy, this transparency should not be seen as a threat, but rather as an opportunity. It is an opportunity for us to build trust with our customers and to, in fact, strengthen our relationships with them. This blog post will focus on what the GDPR means for marketers in our industry, ways to navigate its key principles, and how to look at the new legislation as a positive opportunity for your business.

It should go without saying that every cinema is different and how you evaluate your own compliance with GDPR will vary.  We do recommend that, if you haven’t already, you seek the appropriate legal advice to help you to ensure your cinema chain meets the compliance criteria for the GDPR. 

Creating a culture of transparency

Under the new GDPR legislation, consumers have enhanced rights to know how companies are using their personal data and to ensure that companies have a legal basis for such use which may include having the right to consent, or revoke consent, to such usage. One of the principle themes of GDPR is transparency. By enhancing consumers’ rights, companies across Europe will need to be fully transparent and granular in their disclosure of what personal data they are keeping on their customers, how this was collected, where this data is being stored and how it is being used. Under the GDPR, cinema chains are likely to be considered “Controllers” and will be responsible for ensuring necessary processes, procedures and policies are in place come May 25th, to comply with the privacy principles in the GDPR. These include principles to keep customer data secure, to ensure customers are informed about and have provided appropriate preferences set for lawful management of how their personal data will be used, and making sure their suppliers (such as Movio) who process customer data on their behalf, are properly accountable for their processing of such personal data.

Creating a company-wide culture of transparency and accountability for data use is an important step in ensuring your cinema chain is ready for the GDPR. Look across your organization, take stock of what customer personal data you have, how you’ve collected it and what you intend to use it for. Audit how personal data is being stored to ensure the appropriate security measures are in place.  Make sure you have the necessary policies in place (including up-to-date Privacy Policies) and that your staff are fully trained on matters relating to data protection and security.

It’s a matter of engaging with your customers

One key component of the new legislation is giving consumers much greater understanding and control over their data - ensuring that customers are informed of and are able to manage preferences about the collection and use of their personal data.  But how do cinema marketers achieve this? And how does this impact the customer databases you may have already spent years building? A few key things related to securing appropriate preferences that cinema marketers should remember are as follows:


If you are using consent to justify the collection and use of data, you need to be aware that you can no longer simply mention consent in the terms and conditions embedded in a programme or service and treat that as valid. Also, you cannot automatically opt people into receiving communications from you when they join a membership programme. Say farewell to pre-ticked opt-in boxes!

In many cases you need to think much more carefully than before about what options you are giving people and allowing them the freedom to choose how to express preferences, for example for marketing messages, or looking at a means to justify the data you are holding about them without asking for consent

Active consent If you do ask for consent, make sure any opt-ins are explicit, clear and as granular as possible. Give your customers different levels of consent i.e. do they want to receive a weekly newsletter from you, do they want to receive special offers and promotions? Do they want to be contacted by email, SMS, or both? The more options you provide your customers with and the more control they have over this, the better.

Withdrawing Consent

If you are asking a customer for consent, then make sure you make it easy for them to change their mind later. Unsubscribe links and pages that are hard to find or hidden behind complex login and password-protected pages won't meet the bill. And you cannot penalise a customer for not wanting to provide their consent to receiving communications from you.  For instance, they still must be allowed to belong to your membership scheme.

Re-consenting existing customers

You should be taking the opportunity now to examine the quality of preferences settings in your existing customer databases. You may find that data collected before the GDPR comes into effect is not compliant with the new regime, for example because you haven't provided customers with a clear explanation about how you intend to use their details or give them the right options for using their data. If you find that there are gaps, you may need to contact your customers to tell them about the new arrangements, remind them of their preference and (in some cases) as them permission to carry on using their data. There are various ways to go about doing this and you should always take legal advice because each situation tends to be different and the rules are complex. But we recommend that you start now to ensure you can continue to conduct business-as-usual with your customers following May 25th. 

Quality versus Quantity

You might be looking at all this and thinking what a headache - how can this ever be a business opportunity? But we assure you it is! By checking in with your customers to let them know what you want to do with their data and by giving them options of the types of content or communications they want to receive from you, you will find that you have a better quality and database than now and one you can use with greater confidence. Yes, you will likely have find you pare back the number of customers in the database. But those who remain are likely to be more engaged and more loyal in the long-run since you know you have actively engaged with them to discuss their preferences with you.

Many businesses are taking the opportunity of this regulatory change to implement preference centres, to track member preferences and better manage opt-ins and unsubscribes. If you invest in this, you are likely to find you have even more information about your customers than you did before. You will also find it an opportunity to get to know your customers better as they engage with you to tell you their preferences. Do they want to hear about blockbuster films or event cinema productions? Are they interested in receiving weekly session time emails, or do they prefer a monthly ‘what’s on’ newsletter? Is email a more effective communication channel to communicate with them or is SMS? The opportunity to improve the quality of the customer database you have is certainly one of the benefits that GDPR will provide marketers with.

A Circle of Trust

If we step back to the core tenets of the GDPR, it is about building consumer trust through greater transparency and engagement. As cinema marketers, this is your opportunity to reinforce your brand’s commitment to your customer base. We are fortunate that, in our industry, we are marketing movies and popcorn and amazing theatrical experiences. The content we have to offer to our customers are the topic of Monday morning water cooler conversations and Saturday night dinner dates around the globe. I believe that this won’t change with GDPR and that your customers who love movies will continue to love hearing from you. If anything, you will now have a database of customers who are even more aware and engaged with you and who will value your communications, offers and messaging even more so, since they have actively opted-in for them and clearly see benefit in what you are providing.

In summary, I believe that GDPR is an opportunity for improving the quality of your database and to ultimately create an even more personal and relevant relationship with your customers. It is an opportunity for cinema marketers to shine and to show how their database marketing strategy can truly improve customer relationships, brand loyalty and ultimately drive even better business results.

To learn more about what Movio is doing to get ready for GDPR, check out our blog by Movio’s Head of Technology, Nicolas Maquet here.

 * This publication is intended as a general overview and discussion of the subjects dealt with. It is not intended to be, and should not be used as, a substitute for taking legal advice in any specific situation.  Movio Limited will accept no responsibility for any actions taken or not taken on the basis of this publication.


cancel replyPlease wait . . .Your comment has been posted!
Your comment has been posted, it will be visible for other users after approval.

Subscribe to our newsletter

Keep me
in the loop

Our monthly email update with marketing tips, audience insights and Movio news.