With the GDPR coming into effect in just a few days time, organisations in and outside of the UK are making final checks to ensure everything is in place for them to be fully compliant. Promising increased safety measures surrounding the personal data of individuals, the new regulation will bring much needed change to EU data laws, which have become outdated in today’s digital age.
For travel operations, which by nature require international transfer of personal data, the challenge presented by GDPR is substantial. But with the reward so desirable, it’s well worth putting in the time and effort to ensure your travel programme not only complies, but exceeds the new requirements.
So what do you need to look out for?
1 Be aware of everywhere your organisation’s data is processed
Unsurprisingly, data is omnipresent in your travel programme; right the way from the initial booking before the trip, to the invoicing once the trip has finished. If you have a contracted TMC, your organisation’s data will be continuously processed both by them and their third party suppliers. You should be asking your TMC to demonstrate how they process and where they store your personal data and assure yourself that you know where any of their third party processors are storing your data . While they should be forthcoming in what data they have, it is worth revisiting your contracts, booking systems and any reporting functionality to be sure you are aware of where and how your data is being stored and processed.
2 Know your rights
With the arrival of GDPR, the rights of individuals are changing, and as more of our lives are shared in an online setting, it’s worth taking the time to know and understand the authority you hold as an individual with regards to your personal data. For example, GDPR has brought with it the right to be forgotten, the right to object and the right not to be subject to automated decisions. Amongst others, these new rights represent advances in the ownership each individual has, which we should all look to exercise in our increasingly digital world.
3 Ensure your suppliers are compliant
While you may have done a full audit on your internal systems to comply with GDPR, it’s paramount you and your suppliers are all on the same page. Consider each supplier or contractor you deal with, what they should be doing to comply and their general approach. Do they know exactly where and how your data is handled in their organisation? Have they taken steps to ensure all their staff are ready for the changes related to GDPR? And are they proactive and open with you in their approach? These are all important questions to confront with the dawn of GDPR, and should be grounds for your ongoing relationships with your suppliers.
As with many other operations within your organisation, you hold a duty of care towards your employees, and data protection is just another obligation to add to your list. With the benefits it will bring for data protection in the future, it’s a good idea to get a firm grip on it today, so the data of you and your employees can be used and stored in a way that is both secure and beneficial to you.