Sirius Legal
GDPR impact on the travel industry
ABTO Yearly meeting, 7 June 2017
ABTO
7 June 2017
New “Privacy Law” coming your way…
General Data Protection Regulation 2016/679 (GDPR/AVGB)
Regulation instead of Directive – 1 law for 28 states
Agreement reached last December 2015
Enters into force on 1 May 2018 (without grace period!)
New rules are MUCH stricter than current law and impact EVERYONE present
here today
General Data Protection Regulation
Heavily influenced by consumer protection activists in EP
Result:
Consumer friendly, but serious restraints for direct marketing, e-commerce
and especially personalisation, profiling, real time marketing and big data
Applicable to ALL data processing, except personal (private) contact lists (e.g.
private Outlook account)
Don’t be this guy, be prepared…
All e-commerce and online marketing run on personal data
This is no different in today’s digital travel industry
GDPR applies to ALL databases (clients, marketing, sales, HR, purchasing, accounting, …)
In the words of the European Commission: “data has become a currency” (cfr. Draft Directive
2015/0287 on digital content delivery contracts)
Fines up to 4% of annual turnover or 20 mio euro
Basic principles of GDPR
Accountability
Transparency
Data Protection by design
Data protection by default
Purpose limitation
Data minimisation
Accuracy
Limited retention time
Data security
(Online) marketing today…
Base of all marketing is data
Heatmapping
Measure everything
(Online) marketing today…
The basis of all marketing is data
Heatmapping
Everything is measurable
The basis of all marketing is data
Remarketing
Everyone can be individualised and reached
Security & internal processes
1. Working with subcontractors that process data
Obligation to work only with subcontractors that guarantee sufficient data security
Obligation to have written contracts with all subcontractors
List of mandatory clauses in such contracts
Booking engine, TO/agency, external marketeer, …
= Need to audit/map all existing subcontracting/service contracts/licenses
Mailchimp, Criteo, Eventbrite, (Google) Analytics, internal messaging (e.g. Slack), …
Security & internal processes
2. Record of processing activities
Obligation to maintain a “record of processing activities”
Holding ID of processor, processed data, categories, transfers, time limits, security
measures
In writing at the seat of your company
Privacy Commission to launch template by 15 June
Bookings, mailings, transfers to third parties, opt-outs, …
Security & internal processes
3. Data security measures
“Processor shall implement appropriate technical and organizational measures, to
ensure an appropriate level of security”
Pseudonymisation where possible, confidentiality, security, back ups in place,
security testing protocols, …
= Need to audit/map data within company
Security & internal processes
4. Data Protection Impact Assessment
If possible high impact on data subject privacy rights
Obligation to run prior (documented) impact assessment
Advice of DPO required if DPO is present in the organization
Should be used as basis to ensure adequate security levels
Privacy Commission to specify when DPIA is required
If DPIA shows high risk: obtain Prior Assessment from Privacy Commission
Security & internal processes
5. Data breach notification
Obligation to notify any data security breach to the Privacy Commission
Asap or at least within 72 hours
Nature of breach, possible consequences, measures taken, etc… (= obligation to
document data breach)
= Need to have data breach procedure in place
If possible consequences for data subjects: obligation to notify them in person!
Security & internal processes
5. Data Protection Officer
If core activity of processor
Requires large scale data monitoring
Consists of large scale data monitoring
Series of requirements and conditions
Details to be specified
Inform & advise, monitor compliance, SPOC for authorities
Information obligations & rights of data subjects
1. Lawfulness of processing (“on which grounds can I process data?”)
Prior opt-in remains the basic rule (+ proof required)
“Processing is required for the execution of a contract”
“Legitimate grounds”
DM “may be considered” legitimate, but “Personal data should be processed
only if the purpose of the processing could not reasonably be fulfilled by other
means”
If existing client relationship: OK, otherwise not so evidently OK
(Online) marketing today…
The basis of all marketing is data
Heatmapping
Everything is measurable
The impact of the GDPR on your marketing and prospecting
Business meets IT, Blue Point Antwerpen, 1 June 2017
Analytics – e-mail tagging
Most often no opt-in
Processing personal data (IP address)? Legitimate grounds?
(Online) marketing today…
The basis of all marketing is data
Heatmapping
Everything is measurable
The basis of all marketing is data
Remarketing
Everyone can be individualised and reached
Information obligations & rights of data subjects
2. Processing of data belonging to minors (-13 Y/O, -16 Y/O)
Always requires explicit authorisation by parents!
“Reasonable efforts” to check age and obtain authorisation
eID?, Facebook login?, credit card data?, live chat, …?
Information obligations & rights of data subjects
3. Information obligations
Obligation to notify data subject of the fact that his data is being / has been
collected (or transferred) without his explicit consent
Within 30 days or upon first contact
= Data obtained from booking tools, travel agency, affiliate, data brokers,
partner organisations, online collection…
Information obligations & rights of data subjects
3. Information obligations
Obligation falls if
Data subject already knows (= online booking engine or affiliate, travel agency, …)
or
Information provision requires disproportionate effort
(= open door to creativity…)
Information obligations & rights of data subjects
4. Right not to be subjected to profiling
If the person has a legitimate interest to do so, he has a right to object against
processing/profiling
Objection against processing/profiling for direct marketing purposes is always
possible
Remarketing, trigger based marketing, …
(Online) marketing today…
The basis of all marketing is data
Heatmapping
Everything is measurable
The impact of the GDPR on your marketing and prospecting
Business meets IT, Blue Point Antwerpen, 1 June 2017
Basis of all marketing is data and profiling/segmentation
Remarketing – Segmentation – trigger based – location based
The right offer for the right consumer at the right moment
But right to be informed and right to object
Challenge: convince people not to object…
Information obligations & rights of data subjects
5. Right to object to automatic decision taking
Right
Not to be subject to a decision
Producing legal effects / significantly affects
Solely based on automated processing of data
Intended to evaluate certain personal aspects
Examples
Creditworthiness, reliability and conduct
Also applies to DM “decisions” (e.g. send offer or not)
Information obligations & rights of data subjects
6. Right to be forgotten
Upon request by data subject, processor has to take all reasonable measures to
permanently delete data
+ to ensure that third parties that have copies of or links to data are warned of
the request and are asked to do the same
Information obligations & rights of data subjects
7. “Pseudonymous data”
8. “Privacy by design”
9. “privacy by default” (cfr. recent Telenet “personalized advertising…”)
10. …
Helping hand
Code of Conduct
= “ethical code” of associations
Contain rules on how to handle data for their members
Can be approved by authorities
Association has to provide control/supervision
Advantage: once approved can create presumption of compliance with series of
obligations for association members
ABTO / VVR / …?
Be prepared…
Those who are not prepared face trouble…
Provisions of highest importance (cfr. profiling = high risk processing)
Fines up to 20 million euro
Fines up to 4% of worldwide annual turnover (for undertakings)
Reform of Privacy Commission will lead to actual enforcement…
+ Remedies for data subject
Be prepared…
Be prepared…
Be prepared…
Independents
Work load +/- 2 days
Timing: 3 to 4 weeks
SMEs
Work load
Depending on size, maturity and complexity
Work load: 5 to 25 days
Timing: 1 to 4 months
Corporate entities
Depending on size, maturity and complexity
Work load: 20 to … days
Timing: 3 to 10 months
Be prepared…
Sirius Legal
Media & advertisement law
IP law
Internet & e-commerce
Privacy & cookies
Gambling law
Travel & consumer protection
Commercial & contracts
Corporate - tax - labour - immo
bart@siriuslegal.be
www.siriuslegal.be
@BartVdBrande
Linkedin.com/in/bartvdb

 
Succession (Articles 774-1116 Civil Code
Succession (Articles 774-1116 Civil CodeSuccession (Articles 774-1116 Civil Code
Succession (Articles 774-1116 Civil CodeMelvinPernez2
 
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptxConstitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptxsrikarna235
 
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一st Las
 

Recently uploaded (20)

如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书
如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书
如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书
 
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
 
如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书
如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书
如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书
 
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
 
如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书
如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书
如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书
 
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
 
Alexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogiAlexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogi
 
如何办理(Curtin毕业证书)科廷科技大学毕业证学位证书
如何办理(Curtin毕业证书)科廷科技大学毕业证学位证书如何办理(Curtin毕业证书)科廷科技大学毕业证学位证书
如何办理(Curtin毕业证书)科廷科技大学毕业证学位证书
 
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
 
Rights of under-trial Prisoners in India
Rights of under-trial Prisoners in IndiaRights of under-trial Prisoners in India
Rights of under-trial Prisoners in India
 
Test Identification Parade & Dying Declaration.pptx
Test Identification Parade & Dying Declaration.pptxTest Identification Parade & Dying Declaration.pptx
Test Identification Parade & Dying Declaration.pptx
 
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
 
POLICE ACT, 1861 the details about police system.pptx
POLICE ACT, 1861 the details about police system.pptxPOLICE ACT, 1861 the details about police system.pptx
POLICE ACT, 1861 the details about police system.pptx
 
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
 
如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书
如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书
如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书
 
Comparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use casesComparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use cases
 
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptx
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptxAn Introduction guidance of the European Union Law 2020_EU Seminar 4.pptx
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptx
 
Succession (Articles 774-1116 Civil Code
Succession (Articles 774-1116 Civil CodeSuccession (Articles 774-1116 Civil Code
Succession (Articles 774-1116 Civil Code
 
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptxConstitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
 
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一
 

GDPR impact on the travel industry

  • 1. Sirius Legal GDPR impact on the travel industry ABTO Yearly meeting, 7 June 2017
  • 3. New “Privacy Law” coming your way… General Data Protection Regulation 2016/679 (GDPR/AVGB) Regulation instead of Directive – 1 law for 28 states Agreement reached last December 2015 Enters into force on 1 May 2018 (without grace period!) New rules are MUCH stricter than current law and impact EVERYONE present here today
  • 4. General Data Protection Regulation Heavily influenced by consumer protection activists in EP Result: Consumer friendly, but serious restraints for direct marketing, e-commerce and especially personalisation, profiling, real time marketing and big data Applicable on ALL data processing, except personal (private) contact lists (e.g. private Outlook account)
  • 5. Don’t be this guy, be prepared… All e-commerce and online marketing run on personal data This is no different in today’s digital travel industry GDPR applies to ALL databases (clients, marketing, sales, HR, purchasing, accounting, …) In the words of the European Commission: “data has become a currency” (cfr. Draft Directive 2015/0287 on digital content delivery contracts) Fines up to 4% of annual turnover or 20 mio euro
  • 6. Basic principles of GDPR Accountability Transparency Data Protection by design Data protection by default Purpose limitation Data minimisation Accuracy Limited retention time Data security
  • 7. (Online) marketing today… Base of all marketing is data Heatmapping Measure everything
  • 8. (Online) marketing today… The basis of all marketing is data Heatmapping Everything is measurable The basis of all marketing is data Remarketing Everyone can be individually identified and reached
  • 9. Security & internal processes 1. Working with subcontractors that process data Obligation to work only with subcontractors that guarantee sufficient data security Obligation to have written contracts with all subcontractors List of mandatory clauses in such contracts Booking engine, TO/agency, external marketeer, … = Need to audit/map all existing subcontracting/service contracts/licenses Mailchimp, Criteo, Eventbrite, (Google) Analytics, internal messaging (e.g. Slack), …
  • 10. Security & internal processes 2. Record of processing activities Obligation to maintain a “record of processing activities” Holding ID of processor, processed data, categories, transfers, time limits, security measures In writing at the seat of your company Privacy Commission to launch template by 15 June Bookings, mailings, transfers to third parties, opt-outs, …
  • 11. Security & internal processes 3. Data security measures “Processor shall implement appropriate technical and organizational measures, to ensure an appropriate level of security” Pseudonymisation where possible, confidentiality, security, back ups in place, security testing protocols, … = Need to audit/map data within company
  • 12. Security & internal processes 4. Data Protection Impact Assessment If possible high impact on data subject privacy rights Obligation to run prior (documented) impact assessment Advice of DPO required if DPO is present in the organization Should be used as basis to ensure adequate security levels Privacy Commission to specify when DPIA is required If DPIA shows high risk: obtain Prior Assessment from Privacy Commission
  • 13. Security & internal processes 5. Data breach notification Obligation to notify any data security breach to the Privacy Commission Asap or at least within 72 hours Nature of breach, possible consequences, measures taken, etc… (= obligation to document data breach) = Need to have data breach procedure in place If possible consequences for data subjects: obligation to notify them in person!
  • 14. Security & internal processes 5. Data Protection Officer If core activity of processor Requires large scale data monitoring Consists of large scale data monitoring Series of requirements and conditions Details to be specified Inform & advise, monitor compliance, SPOC for authorities
  • 15. Information obligations & rights of data subjects 1. Lawfulness of processing (“on which grounds can I process data?”) Prior opt-in remains the basic rule (+ proof required) “Processing is required for the execution of a contract” “Legitimate grounds” DM “may be considered” legitimate, but “Personal data should be processed only if the purpose of the processing could not reasonably be fulfilled by other means” If existing client relationship: OK, otherwise not so evidently OK
  • 16. (Online) marketing today… The basis of all marketing is data Heatmapping Everything is measurable The impact of the GDPR on your marketing and prospecting Business meets IT, Blue Point Antwerpen, 1 June 2017 Analytics – e-mail tagging Most often no opt-in Processing personal data (IP address)? Legitimate grounds?
  • 17. (Online) marketing today… The basis of all marketing is data Heatmapping Everything is measurable The basis of all marketing is data Remarketing Everyone can be individually identified and reached
  • 18. Information obligations & rights of data subjects 2. Processing of data belonging to minors (-13 Y/O, -16 Y/O) Always requires explicit authorisation by parents! “Reasonable efforts” to check age and obtain authorisation eID?, Facebook login?, credit card data?, live chat, …?
  • 19. Information obligations & rights of data subjects 3. Information obligations Obligation to notify data subject of the fact that his data is being / has been collected (or transferred) without his explicit consent Within 30 days or upon first contact = Data obtained from booking tools, travel agency, affiliate, data brokers, partner organisations, online collection…
  • 20. Information obligations & rights of data subjects 3. Information obligations Obligation falls if Data subject already knows (= online booking engine or affiliate, travel agency, …) or Information provision requires disproportionate effort (= open door to creativity…)
  • 21. Information obligations & rights of data subjects 4. Right not to be subjected to profiling If the person has a legitimate interest to do so, he has a right to object against processing/profiling Objection against processing/profiling for direct marketing purposes is always possible Remarketing, trigger based marketing, …
  • 22. (Online) marketing today… The basis of all marketing is data Heatmapping Everything is measurable The impact of the GDPR on your marketing and prospecting Business meets IT, Blue Point Antwerpen, 1 June 2017 Basis of all marketing is data and profiling/segmentation Remarketing – Segmentation – trigger based – location based The right offer for the right consumer at the right moment But right to be informed and right to object Challenge: convince people not to object…
  • 23. Information obligations & rights of data subjects 5. Right to object to automatic decision taking Right Not to be subject to a decision Producing legal effects / significantly affects Solely based on automated processing of data Intended to evaluate certain personal aspects Examples Creditworthiness, reliability and conduct Also applies to DM “decisions” (e.g. send offer or not)
  • 24. Information obligations & rights of data subjects 6. Right to be forgotten Upon request by data subject, processor has to take all reasonable measures to permanently delete data + to ensure that third parties that have copies of or links to data are warned of the request and are asked to do the same
  • 25. Information obligations & rights of data subjects 7. “Pseudonymous data” 8. “Privacy by design” 9. “privacy by default” (cfr. recent Telenet “personalized advertising…”) 10. …
  • 26. Helping hand Code of Conduct = “ethical code” of associations Contain rules on how to handle data for their members Can be approved by authorities Association has to provide control/supervision Advantage: once approved can create presumption of compliance with series of obligations for association members ABTO / VVR / …?
  • 27. Be prepared… Those who are not prepared face trouble… Provisions of highest importance (cfr. profiling = high risk processing) Fines up to 20 million euro Fines up to 4% of worldwide annual turnover (for undertakings) Reform of Privacy Commission will lead to actual enforcement… + Remedies for data subject
  • 31. Independents Work load +/- 2 days Timing: 3 to 4 weeks SMEs Work load Depending on size, maturity and complexity Work load: 5 to 25 days Timing: 1 to 4 months Corporate entities Depending on size, maturity and complexity Work load: 20 to … days Timing: 3 to 10 months Be prepared…
  • 32. Sirius Legal Media & advertisement law IP law Internet & e-commerce Privacy & cookies Gambling law Travel & consumer protection Commercial & contracts Corporate - tax - labour - immo bart@siriuslegal.be www.siriuslegal.be @BartVdBrande Linkedin.com/in/bartvdb