Data is a valuable asset and travel companies must protect it

MHA MacIntyre Hudson's head of travel and tourism outlines seven steps businesses should take to be GDPR ready.

Image credit: iStock
Image credit: iStock

Rajeev Shaunak is head of travel & tourism at MHA MacIntyre Hudson.

 

Data is often a travel company’s most valuable asset; without a list of existing and past customers, travel companies can’t generate repeat customer sales. With the new General Data Projection Regulation (GDPR) fast approaching, how companies acquire and manage data for clients and prospects will be the difference between success and failure.

Travel businesses now have less than 10 weeks to update their processes to demonstrate compliance with the new regulations by the 25 May deadline.

Many operators hold extensive marketing databases of personal information, collected through bookings, administration, and on and offline marketing activities. This comes direct from individuals, and through intermediaries such as travel agents and travel search websites. User profiling and online tracking tools such as cookies are also used to help better target marketing campaigns.

Travel businesses need to embrace the regulation and take the following steps to ensure they’re ready:

1. Expand consent notices online and in brochures, explaining the option to opt out of future marketing, when data might be collected, and exactly how it could be used to meet the new requirement for ‘clear affirmative action’, and an end to pre-ticked boxes and bundled consents. Operators also need to consider how best to signpost their privacy notices. 

2. Warn customers if data collected may be sent outside the European Economic Area (EEA), to government digital service centres overseas for example, where data protection may not be as strong as within the EEA. 

3. Make customers aware of their right to demand full details of the information held on them, and unlike in the past, travel companies can no longer charge for providing this.

4. A company’s appointed data controller must notify privacy regulators and affected individuals in the event of certain data privacy breaches within 72 hours.

5. Conduct a full data audit, and review data collection forms and privacy notices.

6. Demonstrate compliance to regulators on an ongoing basis and maintain records of data protection management. Details must include how long information is retained for and consents held. Without consent, companies may be expected to destroy information after the travel arrangements have been completed, provided there’s no contractual requirement for it.

7. Re-examine processes and systems used to deal with data subjects rights, including new rights in relation to erasure of data, data portability and use of profiling, along with supplier arrangements with third parties such as hoteliers and airlines.

Time is ticking; if companies haven’t already begun reviewing their data processing procedures, they must start now, especially as they will soon have the challenges of the new Package Travel Directive to contend with too.

 

For more features and breaking news sign up to C&IT Magazine's daily Newstracker here 

Have you registered with us yet?

Register now to enjoy more articles
and free email bulletins.

Register now
Already registered?
Sign in
Corporate Travel Management Europe hires director of client services

Corporate Travel Management Europe hires director of client services

David Di Feliciantonio moves from Flight Centre to a new role with CTM Europe managing business growth and development.

'Hard work mixed with a bit of personality gets you everywhere'

'Hard work mixed with a bit of personality gets you everywhere'

A-List 2019: Dan Solen, events director at GOTO Events.

Case study: Charity Film Awards at 133 Houndsditch

Case study: Charity Film Awards at 133 Houndsditch

Etc venues worked with Iconify to produce an evening of awards and entertainment hosted by Sally Phillips.

ICCA reveals new destination rankings by meeting attendees

ICCA reveals new destination rankings by meeting attendees

Country and city rankings by estimated total number of participants published in ICCA's latest statistics report.

New regional vice president for ILEA

New regional vice president for ILEA

International Live Events Association appoints new RVP for EMEA who will work with regional chapters.

'Your phone and computer have off buttons and you do deserve a break sometimes'

'Your phone and computer have off buttons and you do deserve a break sometimes'

A-List 2019: Francesca Secola, event manager, Pure Events

'Real step change' in how destinations attract business

'Real step change' in how destinations attract business

VisitBritain's Kerrin Macphie discusses international strategy and 'mapping out' the UK's business events capacity.

Telford to welcome eye specialists in 2020

Telford to welcome eye specialists in 2020

College of Optometrists' annual congress Optometry Tomorrow will be held at Telford International Centre in 2020.

'It's important to demonstrate that you can work out of your comfort zone'

'It's important to demonstrate that you can work out of your comfort zone'

A-List 2019: Georgia O'Rourke, event manager MCI Experience.

Paris to host 2021 European Society for Medical Oncology congress

Paris to host 2021 European Society for Medical Oncology congress

Doctors and cancer research professionals will gather at the Paris Convention Centre in September 2021.

LATEST JOBS