I defined the EU’s General Data Protection Regulation (GDPR) and its implications on businesses dealing with clients in the EU in my last blog. I pointed out that being in India does not remove you from its jurisdiction. The EU’s reach is long and the massive potential fines pose an existential threat to most small to medium sized businesses so if you are ignoring its impact, you do so at your peril.
It is an enduring fact that all businesses operate within the parameters of laws in their countries. Often, some regulations that are not directly enforceable in their countries and are under a bigger international umbrella tend to be put on the back burner of recognition, acceptance and compliance.
GDPR has the best intentions, in an age where cybersecurity, encryption and embedded systems are only safe until the next malicious hacker shows up, as serious data breaches in an international hospitality chain, a major Japanese consortium, and a British association of travel agents have already gravely illustrated. GDPR has stirred up what could be a hornet’s nest, once the gravity and implications sink in with the travel industry and it acknowledges that such regulations have penal implications that cannot be ignored. Most travel businesses treat client data with a degree of care that their best practices allow or are governed by laws in their country. For instance, Australia has stringent privacy laws that demand very careful treatment of client information and stipulates the deletion of such data from the business records once the purpose of obtaining the data is complete. Nicolette Hughes, director of product strategy and innovation at The Association of Superannuation Funds of Australia commented: “We treat all such data as sacrosanct and abide strictly by Australian laws. Incorporating GDPR will not be very difficult considering we already follow a discipline in the data collection and storage practice.” For instance, information pertaining to dietary preferences is considered strictly confidential in Australia. So after each event a hotel or a PCO must delete such information.
Hugo Slimbrouck, director of strategic partnerships at Ovation Global DMC, considers GDPR to be “like an approaching train which does not seem to be moving fast till it is almost upon you.” Although grey areas remain, the interpretation of GDPR and its compliance processes for various types of travel businesses will not only affect the collection and use of personal client data but also affect the marketing of events as often contact information is available on websites which are then used to email such prospects. Now, one must seek permission to email them unless one can prove ‘legitimate interest’.
Mona Abdul Manap, ceo of Place Borneo, a Malaysian DMC states candidly: “Most companies are blissfully unaware of GDPR and are yet to take cognizance of the fact that they need to comply.” For many companies in Asia, much business is conducted with other Asian companies so the segment of business with EU is not significant. That leads to apathy and the lack of urgency to deal with such issues.
The additional cost of obtaining client information, storage and security, deletion and access to clients to exercise their option of retaining or deleting partial or complete data, as well as the appointment of a data protection officer, all adds to additional fixed expenses to be incurred. The cost implication is yet to be assessed.
Compliance with GDPR in Asia seems like a long haul at this nascent stage. Firstly, Asian companies need to understand the implications and extent of confidentiality of client information and how to deal with it. Secondly, the implications of penalties consequent to any breach of the norms need to be determined. Thirdly, the methodology of compliance, how easy or difficult it will prove to be, is complex.
But if you are working with EU clients or suppliers, you need to comply.
Destination Canada is revving up its marketing effort to entice more Indian outbound travellers to visit Canada, a plan that targets the millennials as well as corporate business groups and incentive tours. This is in alignment with the North Star 22 agreement with the provinces, who will work in a dollar for dollar promotional spend […]
Indian and south-east Asian corporate groups are looking at Japan as a business events destination as a result of unique learning opportunities stimulating their interest in the country. Industry stakeholders and corporate buyers say the country is increasingly seen as a place where corporate visitors can grow professionally. Etsuko Kawasaki, executive director of the Japan […]
India launched its 100th airport at Pakyong in the north-eastern state of Sikkim in the Himalayas. When fully operational, it will emerge as a boon for tourism business in the entire eastern Himalayan region, including Darjeeling and Sikkim. Besides Bagdogra airport in Northern West Bengal, which was the sole airport in the region albeit with […]
Bangkok’s hotel industry is on a sustained growth curve, aided by political stability and strong inbound travel demand from international visitors. The city has seen its strongest performance in recent years in this year with greater demand for meetings and exhibitions. Jesper Palmqvist, STR’s area director Asia-Pacific, said at the Thailand Tourism Forum: “Thailand has […]
Mauritius Tourism Promotion Authority (MTPA) is taking several initiatives to attract the Indian tourism market, especially from the MICE sector. Among these initiatives, the focus on attracting MICE travellers from India is the top priority. Arvind Bundhan, director of MTPA, said that 12 per cent of Indians travelling to Mauritius travelled for MICE activities. Mauritius […]