Sirius Legal
GDPR impact on the travel industry
ABTO Yearly meeting, 7 June 2017
New “Privacy Law” coming your way…
General Data Protection Regulation 2016/679 (GDPR/AVGB)
Regulation instead of Directive – 1 law for 28 states
Agreement reached last December 2015
Enters into force on 1 May 2018 (without grace period!)
New rules are MUCH stricter than current law and impact EVERYONE present
here today
General Data Protection Regulation
Heavily influenced by consumer protection activists in EP
Result:
Consumer friendly, but serious restraints for direct marketing, e-commerce
and especially personalisation, profiling, real time marketing and big data
Applicable on ALL data processing, except personal (private) contact lists (e.g.
private Outlook account)
Don’t be this guy, be prepared…
All e-commerce and online marketing run on personal data
This is no different in today’s digital travel industry
GDPR applies to ALL databases (clients, marketing, sales, HR, purchasing, accounting, …)
In the words of the European Commission: “data has become a currency” (cfr. Draft Directive
2015/0287 on digital content delivery contracts)
Fines up to 4% of annual turnover or 20 mio euro
Basic principles of GDPR
Accountability
Transparency
Data Protection by design
Data protection by default
Purpose limitation
Data minimisation
Accuracy
Limited retention time
Data security
(Online) marketing today…
Base of all marketing is data
Heatmapping
Measure everything
(Online) marketing today…
Base of all marketing is data
Heatmapping
Everything is measurable
Base of all marketing is data
Remarketing
Everyone can be individualised and reached
Security & internal processes
1. Working with subcontractors that process data
Obligation to work only with subcontractors that guarantee sufficient data security
Obligation to have written contracts with all subcontractors
List of mandatory clauses in such contracts
Booking engine, TO/agency, external marketeer, …
= Need to audit/map all existing subcontracting/service contracts/licenses
Mailchimp, Criteo, Eventbrite, (Google) Analytics, internal messaging (e.g. Slack), …
Security & internal processes
2. Record of processing activities
Obligation to maintain a “record of processing activities”
Holding ID of processor, processed data, categories, transfers, time limits, security
measures
In writing at the seat of your company
Privacy Commission to launch template by 15 June
Bookings, mailings, transfers to third parties, opt-outs, …
Security & internal processes
3. Data security measures
“Processor shall implement appropriate technical and organizational measures, to
ensure an appropriate level of security”
Pseudonymisation where possible, confidentiality, security, back ups in place,
security testing protocols, …
= Need to audit/map data within company
Security & internal processes
4. Data Protection Impact Assessment
If possible high impact on data subject privacy rights
Obligation to run prior (documented) impact assessment
Advice of DPO required if DPO is present in the organization
Should be used as basis to ensure adequate security levels
Privacy Commission to specify when DPIA is required
If DPIA shows high risk: obtain Prior Assessment from Privacy Commission
Security & internal processes
5. Data breach notification
Obligation to notify any data security breach to the Privacy Commission
Asap or at least within 72 hours
Nature of breach, possible consequences, measures taken, etc… (= obligation to
document data breach)
= Need to have data breach procedure in place
If possible consequences for data subjects: obligation to notify them in person!
Security & internal processes
5. Data Protection Officer
If core activity of processor
Requires large scale data monitoring
Consists of large scale data monitoring
Series of requirements and conditions
Details to be specified
Inform & advise, monitor compliance, SPOC for authorities
Information obligations & rights of data subjects
1. Lawfulness of processing (“on which grounds can I process data?”)
Prior opt-in remains the basic rule (+ proof required)
“Processing is required for the execution of a contract”
“Legitimate grounds”
DM “may be considered” legitimate, but “Personal data should be processed
only if the purpose of the processing could not reasonably be fulfilled by other
means”
If existing client relationship: OK, otherwise not so evidently OK
(Online) marketing today…
Base of all marketing is data
Heatmapping
Everything is measurable
The impact of the GDPR on your marketing and prospecting
Business meets IT, Blue Point Antwerpen, 1 June 2017
Analytics – e-mail tagging
Most often no opt-in
Processing personal data (IP address)? Legitimate grounds?
(Online) marketing today…
Base of all marketing is data
Heatmapping
Everything is measurable
Base of all marketing is data
Remarketing
Everyone can be individualised and reached
Information obligations & rights of data subjects
2. Processing of data belonging to minors (-13 Y/O, -16 Y/O)
Always requires explicit authorisation by parents!
“Reasonable efforts” to check age and obtain authorisation
eID?, Facebook login?, credit card data?, live chat, …?
Information obligations & rights of data subjects
3. Information obligations
Obligation to notify data subject of the fact that his data is being / has been
collected (or transferred) without his explicit consent
Within 30 days or upon first contact
= Data obtained from booking tools, travel agency, affiliate, data brokers,
partner organisations, online collection…
Information obligations & rights of data subjects
3. Information obligations
Obligation falls if
Data subject already knows (= online booking engine or affiliate, travel agency, …)
or
Information provision requires disproportionate effort
(= open door to creativity…)
Information obligations & rights of data subjects
4. Right not to be submitted to profiling
If the person has a legitimate interest to do so, he has a right to object against
processing/profiling
Objection against processing/profiling for direct marketing purposes is always
possible
Remarketing, trigger based marketing, …
(Online) marketing today…
Base of all marketing is data
Heatmapping
Everything is measurable
The impact of the GDPR on your marketing and prospecting
Business meets IT, Blue Point Antwerpen, 1 June 2017
Basis of all marketing is data and profiling/segmentation
Remarketing – Segmentation – trigger based – location based
The right offer for the right consumer at the right moment
But right to be informed and right to object
Challenge: convince people not to object…
Information obligations & rights of data subjects
5. Right to object to automatic decision taking
Right
Not to be subject to a decision
Producing legal effects / significantly affects
Solely based on automated processing of data
Intended to evaluate certain personal aspects
Examples
Creditworthiness, reliability and conduct
Also applies to DM “decisions” (e.g. send offer or not)
Information obligations & rights of data subjects
6. Right to be forgotten
Upon request by data subject, processor has to take all reasonable measures to
permanently delete data
+ to ensure that third parties that have copies of or links to data are warned of
the request and are asked to do the same
Information obligations & rights of data subjects
7. “Pseudonymous data”
8. “Privacy by design”
9. “privacy by default” (cfr. recent Telenet “personalized advertising…”)
10. …
Helping hand
Code of Conduct
= “ethical code” of associations
Contain rules on how to handle data for their members
Can be approved by authorities
Association has to provide control/supervision
Advantage: once approved can create presumption of compliance with series of
obligations for association members
ABTO / VVR / …?
Be prepared…
Those who are not prepared face trouble…
Provisions of highest importance (cfr. profiling = high risk processing)
Fines up to 20 million euro
Fines up to 4% of worldwide annual turnover (for undertakings)
Reform of Privacy Commission will lead to actual enforcement…
+ Remedies for data subject
Independents
Work load +/- 2 days
Timing: 3 to 4 weeks
SMEs
Work load
Depending on size, maturity and complexity
Work load: 5 to 25 days
Timing: 1 to 4 months
Corporate entities
Depending on size, maturity and complexity
Work load: 20 to … days
Timing: 3 to 10 months
Be prepared…
Sirius Legal
Media & advertisement law
IP law
Internet & e-commerce
Privacy & cookies
Gambling law
Travel & consumer protection
Commercial & contracts
Corporate - tax - labour - immo
bart@siriuslegal.be
www.siriuslegal.be
@BartVdBrande
Linkedin.com/in/bartvdb

一比一原版朴次茅斯大学毕业证(uop毕业证)如何办理
onduyv
 
suture removal ppt.pptx medical surgical
suture removal ppt.pptx medical surgicalsuture removal ppt.pptx medical surgical
suture removal ppt.pptx medical surgical
AlanSudhan
 
Asian legal busiess india you are invited
Asian legal busiess india you are invitedAsian legal busiess india you are invited
Asian legal busiess india you are invited
digitalrashi12
 
一比一原版(glasgow毕业证书)格拉斯哥大学毕业证如何办理
一比一原版(glasgow毕业证书)格拉斯哥大学毕业证如何办理一比一原版(glasgow毕业证书)格拉斯哥大学毕业证如何办理
一比一原版(glasgow毕业证书)格拉斯哥大学毕业证如何办理
ooqzo
 
一比一原版(trent毕业证书)加拿大特伦特大学毕业证如何办理
一比一原版(trent毕业证书)加拿大特伦特大学毕业证如何办理一比一原版(trent毕业证书)加拿大特伦特大学毕业证如何办理
一比一原版(trent毕业证书)加拿大特伦特大学毕业证如何办理
mecyyn
 
Comparative analysis of ipc and bharitye Naya sahinta
Comparative analysis of ipc and bharitye Naya sahintaComparative analysis of ipc and bharitye Naya sahinta
Comparative analysis of ipc and bharitye Naya sahinta
adi2292
 
一比一原版(ual毕业证书)伦敦艺术大学毕业证如何办理
一比一原版(ual毕业证书)伦敦艺术大学毕业证如何办理一比一原版(ual毕业证书)伦敦艺术大学毕业证如何办理
一比一原版(ual毕业证书)伦敦艺术大学毕业证如何办理
ayvace
 
一比一原版多伦多都会大学毕业证(TMU毕业证书)学历如何办理
一比一原版多伦多都会大学毕业证(TMU毕业证书)学历如何办理一比一原版多伦多都会大学毕业证(TMU毕业证书)学历如何办理
一比一原版多伦多都会大学毕业证(TMU毕业证书)学历如何办理
woywevt
 
一比一原版英国伦敦商学院毕业证(lbs毕业证书)如何办理
一比一原版英国伦敦商学院毕业证(lbs毕业证书)如何办理一比一原版英国伦敦商学院毕业证(lbs毕业证书)如何办理
一比一原版英国伦敦商学院毕业证(lbs毕业证书)如何办理
gedsuu
 
Should AI hold Intellectual Property Rights?
Should AI hold Intellectual Property Rights?Should AI hold Intellectual Property Rights?
Should AI hold Intellectual Property Rights?
RoseZubler1
 
一比一原版新加坡国立大学毕业证(本硕)nus学位证书如何办理
一比一原版新加坡国立大学毕业证(本硕)nus学位证书如何办理一比一原版新加坡国立大学毕业证(本硕)nus学位证书如何办理
一比一原版新加坡国立大学毕业证(本硕)nus学位证书如何办理
ucoux1
 
原版定做(sheffield学位证书)英国谢菲尔德大学毕业证文凭证书原版一模一样
原版定做(sheffield学位证书)英国谢菲尔德大学毕业证文凭证书原版一模一样原版定做(sheffield学位证书)英国谢菲尔德大学毕业证文凭证书原版一模一样
原版定做(sheffield学位证书)英国谢菲尔德大学毕业证文凭证书原版一模一样
abondo3
 
THE CONCEPT OF RIGHT TO DEFAULT BAIL.pptx
THE CONCEPT OF RIGHT TO DEFAULT BAIL.pptxTHE CONCEPT OF RIGHT TO DEFAULT BAIL.pptx
THE CONCEPT OF RIGHT TO DEFAULT BAIL.pptx
Namrata Chakraborty
 
Business Laws Sunita saha
Business Laws Sunita sahaBusiness Laws Sunita saha
Business Laws Sunita saha
sunitasaha5
 

Recently uploaded (20)

Capital Punishment by Saif Javed (LLM)ppt.pptx
Capital Punishment by Saif Javed (LLM)ppt.pptxCapital Punishment by Saif Javed (LLM)ppt.pptx
Capital Punishment by Saif Javed (LLM)ppt.pptx
 
V.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdf
V.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdfV.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdf
V.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdf
 
一比一原版(uwlc毕业证书)美国威斯康星大学拉克罗斯分校毕业证如何办理
一比一原版(uwlc毕业证书)美国威斯康星大学拉克罗斯分校毕业证如何办理一比一原版(uwlc毕业证书)美国威斯康星大学拉克罗斯分校毕业证如何办理
一比一原版(uwlc毕业证书)美国威斯康星大学拉克罗斯分校毕业证如何办理
 
production-orders-under-article-18-of-the-budapest-convention-on-cybercrime-a...
production-orders-under-article-18-of-the-budapest-convention-on-cybercrime-a...production-orders-under-article-18-of-the-budapest-convention-on-cybercrime-a...
production-orders-under-article-18-of-the-budapest-convention-on-cybercrime-a...
 
It's the Law: Recent Court and Administrative Decisions of Interest
It's the Law: Recent Court and Administrative Decisions of InterestIt's the Law: Recent Court and Administrative Decisions of Interest
It's the Law: Recent Court and Administrative Decisions of Interest
 
在线办理(UNE毕业证书)新英格兰大学毕业证成绩单一模一样
在线办理(UNE毕业证书)新英格兰大学毕业证成绩单一模一样在线办理(UNE毕业证书)新英格兰大学毕业证成绩单一模一样
在线办理(UNE毕业证书)新英格兰大学毕业证成绩单一模一样
 
一比一原版朴次茅斯大学毕业证(uop毕业证)如何办理
一比一原版朴次茅斯大学毕业证(uop毕业证)如何办理一比一原版朴次茅斯大学毕业证(uop毕业证)如何办理
一比一原版朴次茅斯大学毕业证(uop毕业证)如何办理
 
suture removal ppt.pptx medical surgical
suture removal ppt.pptx medical surgicalsuture removal ppt.pptx medical surgical
suture removal ppt.pptx medical surgical
 
Asian legal busiess india you are invited
Asian legal busiess india you are invitedAsian legal busiess india you are invited
Asian legal busiess india you are invited
 
一比一原版(glasgow毕业证书)格拉斯哥大学毕业证如何办理
一比一原版(glasgow毕业证书)格拉斯哥大学毕业证如何办理一比一原版(glasgow毕业证书)格拉斯哥大学毕业证如何办理
一比一原版(glasgow毕业证书)格拉斯哥大学毕业证如何办理
 
一比一原版(trent毕业证书)加拿大特伦特大学毕业证如何办理
一比一原版(trent毕业证书)加拿大特伦特大学毕业证如何办理一比一原版(trent毕业证书)加拿大特伦特大学毕业证如何办理
一比一原版(trent毕业证书)加拿大特伦特大学毕业证如何办理
 
Comparative analysis of ipc and bharitye Naya sahinta
Comparative analysis of ipc and bharitye Naya sahintaComparative analysis of ipc and bharitye Naya sahinta
Comparative analysis of ipc and bharitye Naya sahinta
 
一比一原版(ual毕业证书)伦敦艺术大学毕业证如何办理
一比一原版(ual毕业证书)伦敦艺术大学毕业证如何办理一比一原版(ual毕业证书)伦敦艺术大学毕业证如何办理
一比一原版(ual毕业证书)伦敦艺术大学毕业证如何办理
 
一比一原版多伦多都会大学毕业证(TMU毕业证书)学历如何办理
一比一原版多伦多都会大学毕业证(TMU毕业证书)学历如何办理一比一原版多伦多都会大学毕业证(TMU毕业证书)学历如何办理
一比一原版多伦多都会大学毕业证(TMU毕业证书)学历如何办理
 
一比一原版英国伦敦商学院毕业证(lbs毕业证书)如何办理
一比一原版英国伦敦商学院毕业证(lbs毕业证书)如何办理一比一原版英国伦敦商学院毕业证(lbs毕业证书)如何办理
一比一原版英国伦敦商学院毕业证(lbs毕业证书)如何办理
 
Should AI hold Intellectual Property Rights?
Should AI hold Intellectual Property Rights?Should AI hold Intellectual Property Rights?
Should AI hold Intellectual Property Rights?
 
一比一原版新加坡国立大学毕业证(本硕)nus学位证书如何办理
一比一原版新加坡国立大学毕业证(本硕)nus学位证书如何办理一比一原版新加坡国立大学毕业证(本硕)nus学位证书如何办理
一比一原版新加坡国立大学毕业证(本硕)nus学位证书如何办理
 
原版定做(sheffield学位证书)英国谢菲尔德大学毕业证文凭证书原版一模一样
原版定做(sheffield学位证书)英国谢菲尔德大学毕业证文凭证书原版一模一样原版定做(sheffield学位证书)英国谢菲尔德大学毕业证文凭证书原版一模一样
原版定做(sheffield学位证书)英国谢菲尔德大学毕业证文凭证书原版一模一样
 
THE CONCEPT OF RIGHT TO DEFAULT BAIL.pptx
THE CONCEPT OF RIGHT TO DEFAULT BAIL.pptxTHE CONCEPT OF RIGHT TO DEFAULT BAIL.pptx
THE CONCEPT OF RIGHT TO DEFAULT BAIL.pptx
 
Business Laws Sunita saha
Business Laws Sunita sahaBusiness Laws Sunita saha
Business Laws Sunita saha
 

ABTO members' meeting: GDPR impact on the travel industry 2017

  • 1. Sirius Legal GDPR impact on the travel industry ABTO Yearly meeting, 7 June 2017
  • 3. New “Privacy Law” coming your way… General Data Protection Regulation 2016/679 (GDPR/AVGB) Regulation instead of Directive – 1 law for 28 states Agreement reached last December 2015 Enters into force on 1 May 2018 (without grace period!) New rules are MUCH stricter than current law and impact EVERYONE present here today ABTO 7 June 2017
  • 4. General Data Protection Regulation Heavily influenced by consumer protection activists in EP Result: Consumer friendly, but serious restraints for direct marketing, e-commerce and especially personalisation, profiling, real time marketing and big data Applicable on ALL data processing, except personal (private) contact lists (e.g. private Outlook account)
  • 5. Don’t be this guy, be prepared… All e-commerce and online marketing run on personal data This is no different in today’s digital travel industry GDPR applies to ALL databases (clients, marketing, sales, HR, purchasing, accounting, …) In the words of the European Commission: “data has become a currency” (cfr. Draft Directive 2015/0287 on digital content delivery contracts) Fines up to 4% of annual turnover or 20 mio euro
  • 6. Basic principles of GDPR Accountability Transparency Data protection by design Data protection by default Purpose limitation Data minimisation Accuracy Limited retention time Data security
  • 7. (Online) marketing today… Base of all marketing is data Heatmapping Measure everything
  • 8. (Online) marketing today… Base of all marketing is data Heatmapping Everything is measurable Base of all marketing is data Remarketing Everyone can be individually identified and reached
  • 9. Security & internal processes 1. Working with subcontractors that process data Obligation to work only with subcontractors that guarantee sufficient data security Obligation to have written contracts with all subcontractors List of mandatory clauses in such contracts Booking engine, TO/agency, external marketeer, … = Need to audit/map all existing subcontracting/service contracts/licenses Mailchimp, Criteo, Eventbrite, (Google) Analytics, internal messaging (e.g. Slack), …
  • 10. Security & internal processes 2. Record of processing activities Obligation to maintain a “record of processing activities” Holding ID of processor, processed data, categories, transfers, time limits, security measures In writing at the seat of your company Privacy Commission to launch template by 15 June Bookings, mailings, transfers to third parties, opt-outs, …
  • 11. Security & internal processes 3. Data security measures “Processor shall implement appropriate technical and organizational measures, to ensure an appropriate level of security” Pseudonymisation where possible, confidentiality, security, back ups in place, security testing protocols, … = Need to audit/map data within company
  • 12. Security & internal processes 4. Data Protection Impact Assessment If possible high impact on data subject privacy rights Obligation to run prior (documented) impact assessment Advice of DPO required if DPO is present in the organization Should be used as basis to ensure adequate security levels Privacy Commission to specify when DPIA is required If DPIA shows high risk: obtain Prior Assessment from Privacy Commission
  • 13. Security & internal processes 5. Data breach notification Obligation to notify any data security breach to the Privacy Commission Asap or at least within 72 hours Nature of breach, possible consequences, measures taken, etc… (= obligation to document data breach) = Need to have data breach procedure in place If possible consequences for data subjects: obligation to notify them in person!
  • 14. Security & internal processes 5. Data Protection Officer If core activity of processor Requires large scale data monitoring Consists of large scale data monitoring Series of requirements and conditions Details to be specified Inform & advise, monitor compliance, SPOC for authorities
  • 15. Information obligations & rights of data subjects 1. Lawfulness of processing (“on which grounds can I process data?”) Prior opt-in remains the basic rule (+ proof required) “Processing is required for the execution of a contract” “Legitimate grounds” DM “may be considered” legitimate, but “Personal data should be processed only if the purpose of the processing could not reasonably be fulfilled by other means” If existing client relationship: OK, otherwise not so evidently OK
  • 16. (Online) marketing today… Base of all marketing is data Heatmapping Everything is measurable The impact of the GDPR on your marketing and prospecting Business meets IT, Blue Point Antwerpen, 1 June 2017 Analytics – e-mail tagging Most often no opt-in Processing personal data (IP address)? Legitimate grounds?
  • 17. (Online) marketing today… Base of all marketing is data Heatmapping Everything is measurable Base of all marketing is data Remarketing Everyone can be individually identified and reached
  • 18. Information obligations & rights of data subjects 2. Processing of data belonging to minor (-13 Y/O, -16 Y/O) Always requires explicit authorisation by parents! “Reasonable efforts” to check age and obtain authorisation eID?, Facebook login?, credit card data?, live chat, …?
  • 19. Information obligations & rights of data subjects 3. Information obligations Obligation to notify data subject of the fact that his data is being / has been collected (or transferred) without his explicit consent Within 30 days or upon first contact = Data obtained from booking tools, travel agency, affiliate, data brokers, partner organisations, online collection…
  • 20. Information obligations & rights of data subjects 3. Information obligations Obligation falls if Data subject already knows (= online booking engine or affiliate, travel agency, …) or Information provision requires disproportionate effort (= open door to creativity…)
  • 21. Information obligations & rights of data subjects 4. Right not to be submitted to profiling If the person has a legitimate interest to do so, he has a right to object against processing/profiling Objection against processing/profiling for direct marketing purposes is always possible Remarketing, trigger based marketing, …
  • 22. (Online) marketing today… Base of all marketing is data Heatmapping Everything is measurable The impact of the GDPR on your marketing and prospecting Business meets IT, Blue Point Antwerpen, 1 June 2017 Basis of all marketing is data and profiling/segmentation Remarketing – Segmentation – trigger based – location based The right offer for the right consumer at the right moment But right to be informed and right to object Challenge: convince people not to object…
  • 23. Information obligations & rights of data subjects 5. Right to object to automatic decision taking Right Not to be subject to a decision Producing legal effects / significantly affects Solely based on automated processing of data Intended to evaluate certain personal aspects Examples Creditworthiness, reliability and conduct Also applies to DM “decisions” (e.g. send offer or not)
  • 24. Information obligations & rights of data subjects 6. Right to be forgotten Upon request by data subject, processor has to take all reasonable measures to permanently delete data + to ensure that third parties that have copies of or links to data are warned of the request and are asked to do the same
  • 25. Information obligations & rights of data subjects 7. “Pseudonymous data” 8. “Privacy by design” 9. “privacy by default” (cfr. recent Telenet “personalized advertising…”) 10. …
  • 26. Helping hand Code of Conduct = “ethical code” of associations Contain rules on how to handle data for their members Can be approved by authorities Association has to provide control/supervision Advantage: once approved can create presumption of compliance with series of obligations for association members ABTO / VVR / …?
  • 27. Be prepared… Those who are not prepared face trouble… Provisions of highest importance (cfr. profiling = high risk processing) Fines up to 20 million euro Fines up to 4% of worldwide annual turnover (for undertakings) Reform of Privacy Commission will lead to actual enforcement… + Remedies for data subject
  • 31. Independents Work load +/- 2 days Timing: 3 to 4 weeks SMEs Work load Depending on size, maturity and complexity Work load: 5 to 25 days Timing: 1 to 4 months Corporate entities Depending on size, maturity and complexity Work load: 20 to … days Timing: 3 to 10 months Be prepared…
  • 32. Sirius Legal Media & advertisement law IP law Internet & e-commerce Privacy & cookies Gambling law Travel & consumer protection Commercial & contracts Corporate - tax - labour - immo bart@siriuslegal.be www.siriuslegal.be @BartVdBrande Linkedin.com/in/bartvdb