GDPR & the Travel Industry: Practical recommendations for holiday rental owners


What is GDPR? As a holiday rental property owner, Airbnb host or holiday rental agent, why does it matter to you?

You don't need to work at a large internet company like Facebook, Google or Amazon to be affected, or responsible for data protection.

As part of the travel & tourism industry, you probably have personal data on your guests such as name and email address at the very least. You may also have highly sensitive data such as financial details, date of birth and passport details.

The new privacy regulation, the General Data Protection Regulation (GDPR), comes into effect on 25th May 2018.

This webinar aims to help you understand your obligations in how you deal with customer data, the penalties and risks for non-compliance and, most importantly, a step-by-step roadmap to becoming GDPR compliant as a small business owner in the holiday rental industry.

Alongside tips and practical advice, the webinar will explore the opportunities that the new data protection law can create for you in the travel & tourism industry.

The presentation agenda will cover:

Introduction and overview to GDPR
GDPR and the Holiday Rental Industry
GDPR and You - Responsibilities, risks and benefits
Roadmap to GDPR compliance

GDPR applies to all businesses and organisations, big or small, offering products or services to citizens in the EU. Show your customers that you are committed to treating their personal data with respect and consideration by understanding how to become GDPR-ready for 25th May 2018.



  1. Practical recommendations for holiday rental owners to prepare for GDPR ORGANISED BY
  2. Practical recommendations for holiday rental owners to prepare for GDPR. Speaker: Nicola Erlich, Holiday Rental Industry Analyst. Host: Amelia Sutton, Marketing
  3. Disclaimer: This session provides general information and comments for holiday rental home owners and rental managers on their obligations under GDPR and recommendations for moving towards GDPR compliance. It is not intended to be a comprehensive description of GDPR and does not constitute official legal advice, which should be sought before drawing any conclusions on your particular circumstances.
  4. The biggest change to our data protection laws in 20 years. Are you ready? Deadline: 25th May 2018
  5. Overview: This webinar will cover: - What is GDPR - GDPR – the myths, the responsibilities and the opportunities - GDPR and the Holiday Rental Industry - Practical recommendations for becoming GDPR-compliant
  6. What is GDPR? General Data Protection Regulation: Europe’s new data protection laws, replacing the previous 1995 data protection directive. Comes into effect on 25th May 2018. New law applies if: ◦ Establishment is in the EU ◦ Offers goods/services to EU residents ◦ Customer is located in the EU ◦ Web visits from users located in the EU. Holds businesses more accountable for the data they hold. Greater protection and rights to individuals. Personal data definition expanded.
  7. Evolution not Revolution! Your business should already have a pretty robust system in place regarding data protection, usage and security practices, so you will not be starting from zero. Improving on the existing foundation of good practices is a positive step in building trust with your customers.
  8. GDPR & the Travel Industry: The travel industry will be particularly affected by GDPR due to the everyday use of personal data. Examples of personal data in the travel industry: • Bookings and reservation data, • Existing customer lists and • Correspondence with customers. It is also the most targeted industry for cyberattacks, so tight security measures & breach procedures are crucial.
  9. GDPR - Separating Fact from Fiction: “High risk of penalties”: • Regulators have corrective powers • Can issue a reprimand or corrective order. “Time consuming & costly”: • No special skills/knowledge/tools needed • Improving on your existing good practices. “Direct marketing is dead”: • An opportunity to offer a personalised service • Target customers who want your services.
  10. GDPR & Holiday Rentals: 5 Key Areas. What you need to know about GDPR, with industry specific examples for your holiday rental business. Part 1: Controller v Processor. Who is responsible for what? Part 2: Personal Data. What is it, and how to manage it? Part 3: Individual Rights. What new rights do people now have? Part 4: Consent & Privacy. How to get permission to use people’s data. Part 5: Roadmap. What steps must you take to comply?
  11. Part 1: Data Controller & Processor. Not everyone that handles the personal data of individuals is the same. The data protection law has defined two types of people that handle personal data: controller and processor. Data Controller: A controller is an entity that decides the purpose and manner that personal data is used. Processor: The person/group that processes the data on behalf of the controller. Processing is obtaining, recording, using and storing personal data.
  12. Part 1: Personal Data Flow Chart (diagram; labels: Third Parties, Processor, Data Controller, Holiday Rental Website, Home Owner, Rental Manager, Legal, Others)
  13. Part 2: Personal Data. “Personal Data” means any information relating to a person that enables them to be identified directly or indirectly. This includes sensitive data such as payment information. COLLECT – STORE – USE – SHARE DATA? You have to abide by the rules. From a travel industry aspect, personal data could include the following types and sources of information: ID / Passport details: name, address, race, origin, biometric data. Contact information: email address, telephone number. Sensitive data: financial and payment information.
  14. Part 3: Individual Rights. Right to be informed: Individuals need to be informed when you collect or process their data. Right to be forgotten: Individuals can ask to have all their data deleted from your records. Right to access: Individuals can now ask for access to their data, and why you are processing it.
  15. Part 4: Consent & Privacy. Consent is the permission given by individuals to allow you to process personal data. What data do you need to provide service to your customers? How do you get their consent to use their data? All personal data must be: • Freely given, • Specific, • Informed, and • Unambiguous. Sensitive personal data must have: • Explicit consent
  16. Part 5: Roadmap to GDPR-compliance
  17. Part 5: Roadmap to GDPR-compliance. 1. Audit: Review what personal data is held and why. 2. Review privacy policy: Be transparent & specific in your data usage. 3. Establish legitimate basis: Lawful basis to use personal data without consent. 4. Get consent: Users must give opt-in consent. 5. Security: Review hardware, software & procedures. 6. Report breaches: Plan of action for security breaches.
  18. Part 5.1: Roadmap – Data Audit
  19. Part 5.2: Roadmap – Privacy Policies. Customer privacy is at the heart of GDPR so must be at the heart of your data protection policies. Update privacy policies: • Easy to find online • Clear and precise language • Transparency on how personal data is: • Obtained • Controlled and used • Retained for ongoing purposes • Securely stored
  20. Part 5.3: Roadmap – Legitimate legal basis. Three ways you are allowed to use data: 1. Contractual Data. Online travel bookings: ◦ are a contract ◦ a legitimate legal basis to use personal data ◦ NO consent required to carry out the task of making the booking ◦ direct marketing considered a possible “legitimate interest”. 2. Legitimate Interests: • Legal obligations – passport details • Fiscal obligations • Protection against fraud. 3. Explicit Consent
  21. Part 5.4: Roadmap – Obtaining consent. GDPR wants you to think about privacy and data protection from the beginning, not just as an after-thought. This is “Privacy By Design”. • Limited Data: Only collect what is necessary. • Data Assessment: Keep checking the confidentiality of your systems. • Limit Processing: Only use data for the purpose it was collected for. • Record Keeping: Use good practices to record the data you have, how you obtained it, how you used it and how you store it.
  22. Part 5.4: Consent – Soft Opt-In. ***IMPORTANT !! *** There is a way to continue to use personal data (for marketing) without legitimate legal basis or explicit consent. Privacy & Electronic Communications Regulations (PECR): - Email and text marketing ONLY - Allows for opt-OUT instead of opt-IN consent under GDPR - Assumes interest in similar goods or services provided. - PECR is currently under review so position may change. Advice by Farina Azam, partner at Travlaw
  23. Part 5.5: Roadmap – Security. The threat is real. Data breaches are happening all the time. The sensitive personal data and credit card information collected and shared make the Travel Industry one of the most vulnerable to data breaches. Big travel brands have the resources and funds to protect themselves against cyber threats. Smaller businesses, such as holiday rental owners, are the low hanging fruit – the easy targets – for hackers. The tourism industry accounted for the largest number of cyber attacks in 2016.
  24. Part 5.5: Roadmap – Security. Where do you keep customer personal and sensitive data? What online security do you have in place? Is it secure? Areas to review: • Hardware & software vulnerabilities • Use encryption: • Communications • Cloud storage • System passwords security • Malware protection
  25. Part 5.6: Roadmap – Breaches. In the case of a data breach, i.e. hacking, you must report within 72 hours to: - the relevant authorities; - your affected customers.
  26. Opportunities: The focus is usually on the negatives of non-compliance, but there are a lot of positives businesses should take advantage of.
  27. Key Takeaways: Start now. Don’t wait until 25th May. Focus on these simple steps as a priority to improve your business procedures: 1. Audit – Start with an audit to get an overview of your current procedures. 2. Consent – Make the changes moving forward to getting opt-in consent. 3. Security – Protect your business and the data you hold with good security practices. Your clients, and the GDPR regulators, want to see that you are trying to implement GDPR. Trust is the cornerstone of good business practice.
  28. Useful Contacts: We don’t claim to have all the answers. In between a lot of GDPR hype there are some incredibly useful resources that have been published on the regulation. Here’s where to go if you’re looking for more in-depth reading: - The full regulation. It’s 88 pages long and has 99 articles. - The ICO’s guide to GDPR has lots of useful tools and information for small businesses. - ICO Small Business Helpline: +44 0303 123 1113 Ext.4 - EU GDPR is the EU’s official website for the regulation.
  29. Thank you for participating! About Spain-Holiday.com: Spain-Holiday.com is the leading holiday rental platform offering more than 15,000 quality holiday rental homes in Spain. Their industry blog, RentalBuzz, provides the community of holiday rental owners with the latest industry news, extensive coverage on tourism laws in Spain, in-depth guides, travel trend reports and useful tools. Note: This document does not constitute official legal advice and we recommend that you consult with an expert about your specific circumstances.
