What Is GDPR?
On 25th May 2018, new data privacy laws will come into force, with the threat of substantial fines for businesses who do not comply. Organisations found to be in breach of the new rules, could face financial penalties of 4% of their annual global turnover or €20 million (whichever is greater).
The new legislation will standardise data protection across Europe, as laws are currently inconsistently applied across member states.
Who does the GDPR apply to?
New GDPR law applies to ‘controllers’ and ‘processors’. Controllers identify how and why personal data is collected and processed, Processors act on controllers’ behalf.
Processors will have more legal obligations than before; e.g. you are required to maintain stringent records of data activities and will have substantially more legal liability if you are responsible for a breach.
GDPR places further obligations on Controllers to ensure your their Processors are complying with all legislation and requirements.
What data does GDPR apply to?
GDPR applies to personal data including information such as HR records, customer lists, client contact details, as expected. However there will now be a more detailed definition of personal data, including information described as an online identifier – eg an IP address or cookie identifiers. Personal data may now include the identity of web site users before they are logged in, details from users of mobile apps, credit card numbers, transaction data.
What’s New in GDPR
As well as encompassing current data protection legislation, Article 29 will also expand into the following areas.
Article 29 are planning the following guidance:
High risk processing
How Will GDPR Affect the Travel Industry?
With personalisation and customisation becoming key to creating the ideal travel experience, the industry as a whole will be affected hugely by GDPR.
Remembering client preferences and using this information to shape future bookings has become a key part of the streamlined service TMCs offer to travellers.
Travel companies will now need to find ways to customise travel itineraries, while minimising client risk through methods of storing personal data. All parties – travel managers, bookers, airlines, hotels etc – will need to work together to ensure 100% compliance in advance of May 2018.
Beyond Business Travel
Beyond Business Travel takes the issue of GDPR and data protection very seriously and are fully compliant with all legislation and European law.
We work closely with our travel technology partner Amadeus, who are at the forefront of innovation for the travel business and build data privacy into the heart of every piece of software and every service offered.
More on GDPR
If you have any questions on GDPR and how it might affect your travel programme, please contact your account manager.
For a more comprehensive overview of the legal changes, potential risks and areas of concern, see this recent presentation and webinar, specifically put together for the travel industry.