I defined the EU’s General Data Protection Regulation (GDPR) and its implications on businesses dealing with clients in the EU in my last blog. I pointed out that being in India does not remove you from its jurisdiction. The EU’s reach is long and the massive potential fines pose an existential threat to most small to medium sized businesses so if you are ignoring its impact, you do so at your peril.
It is an enduring fact that all businesses operate within the parameters of laws in their countries. Often, some regulations that are not directly enforceable in their countries and are under a bigger international umbrella tend to be put on the back burner of recognition, acceptance and compliance.
GDPR has the best intentions, in an age where cybersecurity, encryption and embedded systems are only safe until the next malicious hacker shows up, as serious data breaches in an international hospitality chain, a major Japanese consortium, and a British association of travel agents have already gravely illustrated. GDPR has stirred up what could be a hornet’s nest, once the gravity and implications sink in with the travel industry and it acknowledges that such regulations have penal implications that cannot be ignored. Most travel businesses treat client data with a degree of care that their best practices allow or are governed by laws in their country. For instance, Australia has stringent privacy laws that demand very careful treatment of client information and stipulates the deletion of such data from the business records once the purpose of obtaining the data is complete. Nicolette Hughes, director of product strategy and innovation at The Association of Superannuation Funds of Australia commented: “We treat all such data as sacrosanct and abide strictly by Australian laws. Incorporating GDPR will not be very difficult considering we already follow a discipline in the data collection and storage practice.” For instance, information pertaining to dietary preferences is considered strictly confidential in Australia. So after each event a hotel or a PCO must delete such information.
Hugo Slimbrouck, director of strategic partnerships at Ovation Global DMC, considers GDPR to be “like an approaching train which does not seem to be moving fast till it is almost upon you.” Although grey areas remain, the interpretation of GDPR and its compliance processes for various types of travel businesses will not only affect the collection and use of personal client data but also affect the marketing of events as often contact information is available on websites which are then used to email such prospects. Now, one must seek permission to email them unless one can prove ‘legitimate interest’.
Mona Abdul Manap, ceo of Place Borneo, a Malaysian DMC states candidly: “Most companies are blissfully unaware of GDPR and are yet to take cognizance of the fact that they need to comply.” For many companies in Asia, much business is conducted with other Asian companies so the segment of business with EU is not significant. That leads to apathy and the lack of urgency to deal with such issues.
The additional cost of obtaining client information, storage and security, deletion and access to clients to exercise their option of retaining or deleting partial or complete data, as well as the appointment of a data protection officer, all adds to additional fixed expenses to be incurred. The cost implication is yet to be assessed.
Compliance with GDPR in Asia seems like a long haul at this nascent stage. Firstly, Asian companies need to understand the implications and extent of confidentiality of client information and how to deal with it. Secondly, the implications of penalties consequent to any breach of the norms need to be determined. Thirdly, the methodology of compliance, how easy or difficult it will prove to be, is complex.
But if you are working with EU clients or suppliers, you need to comply.
Thailand’s new eVisa On Arrival (eVOA) service for travellers from India and 20 other countries has been launched and is now available for travellers. The eVOA service is applicable for entry at Suvarnabhumi and Don Mueng airports in Bangkok, as well as at Phuket and Chiang Mai airports. The Government of Thailand has developed this […]
Used correctly, there’s no doubt social media can play a huge and positive role for conferences. But it can also have a derailing effect, with delegates lost in their feed, ignoring the carefully curated content being presented to them in the real world, according to personal development expert Ross McWilliam. “For all the obvious components […]
Qatar Airways is hoping to attract more Indian travellers with the introduction of a new online equated monthly instalment (EMI) payment scheme for bookings made on its website exclusively for customers with credit cards issued by Indian banks. The new payment option allows passengers to pay for their flight tickets through EMI over three, six, […]
India has further liberalised the e-visa norms and duration of stay for e-Tourist as well as e-Business visas to enable more seamless inbound visits. One of the changes is the decision to extend the duration of stay under e-Visa to one year with multiple entry. Previously, the duration of stay permitted under both e-Tourist and […]
Thailand Convention and Exhibition Bureau (TCEB) and Thai Airways International (TG) have launched a joint campaign for the year, ASEAN MaxiMICE, aimed at business events from Indonesia, Malaysia, Philippines, and Singapore. Under the ASEAN MaxiMICE scheme, advantages are offered to groups across three levels – sSilver for 40-99 delegates, Gold for 100-149 delegates and Platinum […]