Contenu connexe Similaire à GDPR - Key Insights for the Travel Industry (20) GDPR - Key Insights for the Travel Industry2. Copyright © Xtremepush ltd
The Customised Passenger Experience
●The collection of personal data has been a critical enabler to the presentation
of personalised travel experiences. Google for example have built Google
Travel and Google Flights services that have vast quantities of data and
insights to support an optimised passenger experience.
3. Copyright © Xtremepush ltd
The Customised Passenger Experience
●Travel and Transport companies as data controllers MUST now ensure they
have explicitly captured customer consent for use of data. From airport car
parks to hotel room bookings, the same principle will apply. Hotel owned
booking engines will need to fully comply with GDPR requirements, and this
will include reservations made via contact centres and walk in reservations
at reception. Data protection, privacy, consent and security considerations
are essential and mandatory cornerstones that will be need to be
consistently implemented across the industry.
4. Copyright © Xtremepush ltd
Data Security Controls:
(the high profile ABTA breach in Feb 2017)
●The GDPR states that data must be processed with adequate “security” with
appropriate technical and organizational controls to protect data. The cyber
attack that hit the Association of British Travel Agents in February of this
year was estimated to impact 43,000 Customers. Just this week, Sabre
solutions reported a cyber attack that impacted Customers of a number of
hotels in Ireland, The UK and Canada.
5. Copyright © Xtremepush ltd
Data Security Controls:
(the high profile ABTA breach in Feb 2017)
●Robust, enterprise class security controls will become critical under GDPR,
with the protection and safe management of Consumer data being of
paramount importance.
6. Copyright © Xtremepush ltd
Providers Domiciled outside the EEA
●The jurisdiction of the GDPR is not just confined to the European Economic
Area. Any entity that Controls and Processes data on behalf of EU Citizens,
no matter where in the world the provider is domiciled will be subject to
GDPR regulations by definition. This will for example mean that US Airlines,
Global Online Travel Agents, and others will directly come into the scope of
GDPR.
7. Copyright © Xtremepush ltd
The UK and GDPR
●Earlier this month, the UK Information Protection Commission published
their updated strategy document and have clarified that the UK will fully
implement GDPR on 25th May 2018 into legislation. The UK will continue to
work closely with the EU Article 29 Working Group (who have developed
GDPR) and post Brexit, the Commissioner has indicated that any intention
to create domestic legislation will be very closely aligned to GDPR. Assuming
that this legislation is afforded the same recognition as Privacy Shield
currently is by the EU, this is a positive step.
8. Copyright © Xtremepush ltd
The UK and GDPR
●It is helpful to have some certainty when trading with UK Companies who are
Controllers and Processors of EU Citizen data, and across the travel industry
post Brexit, a clear definitive position regarding data storage, legal
protection and the GDPR will be vital.