GDPR for the Travel Professional

We here at euromic are pleased to announce that we have a brand new Privacy Policy that ensures full protection of and transparency around any data you share with us – in other words, it’s fully GDPR compliant, which is important, because as of May 25, 2018, when GDPR went into effect companies and organizations that are not compliant with can face serious penalties for violating the standards of GDPR. (Please take a look at our Privacy Policy here.)

Probably, you’ve been hearing and seeing that particular collection of letters a lot lately, but you’re not entirely certain what it’s all about, let alone what the impact on your business will be.

GDPR stands for General Data Protections Regulation, and it is a series of rules and standards issued by the European Parliament to protect the personal data of citizens within the European Union.

That seemingly simple statement, however, has far-reaching impact, because under the EU regulations, the responsibility to protect personal data extends to companies and organizations located outside of the EU that may be in possession of the personal data of EU citizens.

If you and your company are located within the EU, you are naturally subject to GDPR, but let’s say that you’re not… As a travel professional, you are naturally in touch with people from around the world, and you have almost certainly exchanged e-mails with EU citizens. Even if it’s just a simple response to a request from an EU citizen that came in via your website, you are technically in possession of personal data and therefore subject to the provisions of GDPR.

The good news is that, if you’re taking reasonable precautions in how you manage your data, have decent computer security, work with reputable providers like ISPs, software providers, SaaS platforms and the like, you are probably in pretty good shape. GDPR compliance doesn’t have to be complicated, and it doesn’t even have to be particularly technical, especially if you aren’t involved in e-commerce or doing extensive e-mail marketing or the like.

As a first step, take some time to do a little reading and familiarize yourself with GDPR and its effects on travel businesses. Once you are comfortable with the subject, the next step is to consult a legal professional about updating your privacy policy and ensuring that you have the right internal procedures in place to implement your new privacy policy.

To get an idea what we’re talking about feel free to take a look at the EUROMIC Privacy Policy to see what a good but simple and straightforward example looks like. You should definitely consult with a knowledgeable legal professional, but these are also some good resources to get your started:

GDPR for Dummies: https://www.travelweekly.com/Mark-Pestronk/Sorting-out-intricacies-EU-new-data-protection-rules

SuperOffice Step-by-Step Guide: https://www.superoffice.com/blog/gdpr/

Travel Weekly GDPR Focus: https://www.travelweekly.com/Mark-Pestronk/Sorting-out-intricacies-EU-new-data-protection-rules

Tourwriter GDPR Piece: https://www.tourwriter.com/travel-software-blog/gdpr-for-tour-operators-dmcs-and-travel-agents/

SC Magazine (more technical): https://www.scmagazineuk.com/gdpr-dummies-final-dos-donts-gdpr/article/1472762

IATA GDPR Training: https://www.iata.org/training/courses/Pages/data-protection-framework-talg29.aspx

Previous
The three R’s of choosing the right incentive destination…

Where We Are

view more

Meet Us At

view more

Who We Are

view more

QuickRFP

click here