Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

GDPR - Key Insights for the Travel Industry


Published on

As part of the Xtrempeush GDPR series, Tommy Kearns identifies key insights & considerations for the travel industry. For more on GDPR and to get ready for May 2018, speak to Xtremepush team.

Published in: Data & Analytics
  • Be the first to comment

GDPR - Key Insights for the Travel Industry

  1. 1. GDPR - Insights for the Travel Industry Get prepared for May 2018
  2. 2. Copyright © Xtremepush ltd The Customised Passenger Experience ●The collection of personal data has been a critical enabler to the presentation of personalised travel experiences. Google for example have built Google Travel and Google Flights services that have vast quantities of data and insights to support an optimised passenger experience.
  3. 3. Copyright © Xtremepush ltd The Customised Passenger Experience ●Travel and Transport companies as data controllers MUST now ensure they have explicitly captured customer consent for use of data. From airport car parks to hotel room bookings, the same principle will apply. Hotel owned booking engines will need to fully comply with GDPR requirements, and this will include reservations made via contact centres and walk in reservations at reception. Data protection, privacy, consent and security considerations are essential and mandatory cornerstones that will be need to be consistently implemented across the industry.
  4. 4. Copyright © Xtremepush ltd Data Security Controls: (the high profile ABTA breach in Feb 2017) ●The GDPR states that data must be processed with adequate “security” with appropriate technical and organizational controls to protect data. The cyber attack that hit the Association of British Travel Agents in February of this year was estimated to impact 43,000 Customers. Just this week, Sabre solutions reported a cyber attack that impacted Customers of a number of hotels in Ireland, The UK and Canada.
  5. 5. Copyright © Xtremepush ltd Data Security Controls: (the high profile ABTA breach in Feb 2017) ●Robust, enterprise class security controls will become critical under GDPR, with the protection and safe management of Consumer data being of paramount importance.
  6. 6. Copyright © Xtremepush ltd Providers Domiciled outside the EEA ●The jurisdiction of the GDPR is not just confined to the European Economic Area. Any entity that Controls and Processes data on behalf of EU Citizens, no matter where in the world the provider is domiciled will be subject to GDPR regulations by definition. This will for example mean that US Airlines, Global Online Travel Agents, and others will directly come into the scope of GDPR.
  7. 7. Copyright © Xtremepush ltd The UK and GDPR ●Earlier this month, the UK Information Protection Commission published their updated strategy document and have clarified that the UK will fully implement GDPR on 25th May 2018 into legislation. The UK will continue to work closely with the EU Article 29 Working Group (who have developed GDPR) and post Brexit, the Commissioner has indicated that any intention to create domestic legislation will be very closely aligned to GDPR. Assuming that this legislation is afforded the same recognition as Privacy Shield currently is by the EU, this is a positive step.
  8. 8. Copyright © Xtremepush ltd The UK and GDPR ●It is helpful to have some certainty when trading with UK Companies who are Controllers and Processors of EU Citizen data, and across the travel industry post Brexit, a clear definitive position regarding data storage, legal protection and the GDPR will be vital.