Many in India are working on the basis that the new EU regulations governing data protection do not affect them. That isn’t true. The majority of professionals either operate events in Europe or include delegates, speakers or participants from Europe, and need to adhere to the General Data Protection Act (GDPR) because the potential fines could bring down most small businesses!
The GDPR applies to the personal data processing by the controller or processor establishment in the European Union, regardless of whether the processing takes place in the EU or not. Ultimately, the change applies to almost all travel companies that offer products and services in Europe and process personal data of EU citizens as well as other users, located within its borders. This will mean that global online travel agents or, for instance, US airlines, will be directly regulated by the GDPR. For example, when an India-based hotel sells to EU travel agents or third-party wholesalers based in Europe, it falls under the Regulation. If you monitor the behaviour of users who are located within the EU, such as flight destinations and hotel booking in France, you must comply with the requirements. This approach affects the use of web analytics tools, data collection and tracking for personalisation and retargeting purposes. It also applies to website visits from users located in the EU, regardless of whether they are EU citizens or not.
The GDPR sets rules relating to the protection of people’s fundamental rights and freedoms regarding the processing of personal data. The regulation enforcement was made effective after a two-year transition period this year.
The regulation applies directly to all EU member states and has an extraterritorial scope as it enforces non-EU companies to comply with data protection obligations when processing personal information from any individual located in the EU. The purpose of the change is to give people easier access to their personal data that companies store, a new fining system, and a clear responsibility for the organisations to obtain consent from people whose information they collect. In some circumstances, companies need to appoint a data protection officer, who will be prepared for information requests from users. Data protection officers must respond to requests about the purpose of obtaining personal data and provide a copy of all user data if needed. Also, this role requires setting up the data deletion process.
According to the GDPR definition, ‘personal data’ means any information relating to a person that enables them to be identified directly or indirectly. The regulation lists some main identifiers such as name, identification number, location data, or some factors specific to the physical, cultural, or social identity of that person. From the travel industry aspect, personal data could include the following types and sources of information: ID/Passport details, names, postal addresses, race, origin, biometric data, contact information, email addresses, telephone numbers, digital data, photographs, videos, financial and payment information, HR records, current and former employee details.
The GDPR enforces extremely high penalties divided into two broad categories – the upper level is up to €20 million or four per cent of total worldwide annual global revenue for the latest financial year for major breaches. The lower level is up to €10 million or two per cent of total worldwide annual global revenue for the latest financial year for smaller breaches! Compare this penalty amount with the corresponding data breach in 2012, which can be considered a major one as 1,163,996 debit and credit card records were stolen from a travel agent. Back then, the fine amount was approximately US$255,000.
The amount of the fine depends on what article’s rules are violated. Generally, breaches of individual privacy rights and freedoms will be the subject of the upper level fines. Infringements of the controller or processor organisation’s obligations, including data security breaches, will result in the lower level fine.
I shall discuss the impacts, ramifications, compliance readiness and bottom line effect of GDPR on the Asia Pacific travel industry in my next blog. Meanwhile, if you are gathering, storing, using or sharing data for Europe-based individuals or supply chains, beware and take advice!
A new meeting space concept called the Hive has been unveiled by the Abu Dhabi National Exhibitions Company (ADNEC). Opening at the tail end of 2018, the Hive was created to meet the demands of event organisers seeking a flexible space for meetings, said an ADNEC spokesperson. It is designed to encourage participation amongst delegates. “We […]
The 11th India Convention Promotion Bureau (ICPB) convention held in Kolkata marked the opening of the first ICPB State Chapter in Kolkata, highlighting the MICE potential of eastern India. This chapter will help the ICPB to create an effective interface for the MICE industry and to prominently place West Bengal on the MICE map of […]
What is experiential travel? Isn’t all travel a summation of various experiences, perspectives, transformative emotional reactions, memories carried back and the all-important feel-good factor that the traveller takes away? Event planners have to unlearn a few things. Bookings, revenues and packages are not the ultimate goal of business promotion activity any more. Does everyone know […]
A new Vietnamese hybrid airline, Bamboo Airways, has been launched that will operate full service as well as low cost flights to cater to all segments of the growing market and expects to fly 100 domestic and international routes soon. Initially the airline will serve 24 domestic and 16 international routes. In Việt Nam, the […]
Indian outbound travellers will account for 22.5 million worldwide tourists in 2018, with reports from the United Nations World Tourism Organisation (UNWTO) estimating this figure will increase by 122 per cent to reach over 50 million by 2022. This study reveals that Indian travellers are among the world’s highest spenders per overseas visit, with their […]