EU Data Protection

THE EU GENERAL DATA PROTECTION REGULATION ( GDPR) – COMING IN MAY 2018

70% of businesses are aware of the impending implementation of the General Data Protection Regulation in May 2018 and 73% of that haven’t allocated budget to adapt to adhere to GDPR.
Technology means travel businesses and other business will continue to collect, use and share more and more personal data. It is fair to say that this new regulation isn’t too different from the current Data Protection regulation but the changes will make a difference.

Firstly, to clarify, even with Brexit, The EU General Data Protection Regulation will come into force in May 2018 in the UK so it would be wise to make adjustments within your company to adapt. The EU General Data Protection Regulation is coming in and it will be implemented.

The biggest changes for a business to comply this new regulation are as follows:

Accountability for storage and usage of any personal data is now of paramount importance – a business has to be able to prove compliance at any time.

Every company must have a Data Protection Officer. It is advised that most businesses will up-skill existing staff as there will be a skill shortage due to the regulation being new.

Alongside, a Data Protection Officer Gooch went on to discuss the importance of educating the workforce. Every individual within your company should understand the GDPR and make sure they think about each individual’s privacy and how they want to use the data. Ensure every person in any business is accountable.

Record of Data Processing Activities must be kept at all times. How a business, collects, stores and intends to use their clients, or suppliers, personal data

Transparency – all data activities must be openly shared with your clients. Clients must actively say “Yes, I want to be on the list”, “Yes, I want the newsletter” “Yes, I am happy for you to share my details” There can no longer be an ounce of ambiguity. It is black and white.

This change will be the most difficult area to implement and will require strategic commercial decision and actions to be put in place by all companies. Data lists, mailing lists, all personal data will have to be reassessed. To be compliant with the General Data Protection Regulation all customers will have to be approached and asked again whether they would still like to be on your customer list.

Do remember, that the customer has to strictly agree. No pre ticked tick boxes can be used any more. Just sending a mailshot will not suffice. Mailshots tend to have a very low open rate of 10%-20% so the 80%-90% of recipients who do not open the mailshot will be qualified as not in agreement.

So, you can see the commercial impact that this can have to your client database. Many companies could potentially lose 80% of their data.

However, if a company begins to plan now and develops a strong strategy this could be a key time to create a valuable database. This is a time that client databases may shrink but the remaining customers will be active, committed, engaged and valuable.

Smart marketing is required. Strategy is required.

Moving forward -“sign ups” will need sales tactics, encouragement, offer great services and information to encourage people to actually want to be part of a mailshot list and database.

Fundamentally, for any travel agency, travel business or business general, to minimize risk they must minimise data.
If there isn’t a reason for the company to keep the data then it must be legally deleted.

For in detail information about General Data Protection Regulation 2018 please take a look at the following link https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/

The Protected Trust Services Team are happy to answer any further questions or queries you may have, so please either give us a call on 020 7190 9988 or email – ask@protectedtrustservices.com