New rules require robust processes when handling many types of personal data, says Simon Bunce, director of legal affairs at Abta
If you didn’t know by now that the rules around data collection and protection were changing very soon – the abundance of emails and messages that you are likely to have received from companies about Privacy Notices should have given you a hint or two.
As an industry we’ve been well aware for some time that that the General Data Protection Regulation (GDPR) comes into force later this month (25 May), and marks the further evolution of best practice and legal requirements relating to the handling of personal data.
It will require you to have clearer and more robust processes in place when handling personal data relating to your customers, your staff or other people who come into contact with your business.
Many companies will already have processes and systems in place that go a long way towards compliance with the new rules.
However, some things will change – particularly when it comes to businesses being transparent and accountable.
This is especially important for the travel industry where there are often multiple uses for data and multiple channels for collecting it too.
With the deadline coming closer, GDPR has featured heavily in our recent meetings with members, as businesses are understandably concerned about making sure they take the right steps to comply with the new regulations.
Many questions have been raised about collecting and handling customer data, particularly around direct marketing.
The rules on direct marketing vary depending on the type of marketing that you do – but most people will base the majority, if not all, of their direct marketing on email.
Email and other electronic marketing such as telephone calls are covered by GDPR but also by the Privacy and Electronic Communications Regulations (PECR) and your business should already be working in line with this.
These Regulations are currently being reviewed in Europe but are not changing in the short term and certainly not by 25 May.
The PECR essentially says that you cannot use email for marketing unless you have the consent from the intended recipient.
This is why you are seeing so many emails from companies asking you to agree to receiving marketing emails from them – they can’t show that you consented in the first place!
There is however, a very significant provision within PECR (known as the soft opt-in) which allows direct electronic marketing where you have collected a customer’s contact details through a previous sale or negotiation for sale of services to them.
For this, the customer should have been given a clear option of opting out of future marketing at the time (and chose not to).
The marketing you currently do also needs to relate to similar services that they bought or enquired about previously. Finally, you need to give them a clear means of opting out of future mailings too.
If you are confident that your mailing list has been compiled on that basis, you should not need to change your processes under GDPR.
If you haven’t already done so you should make sure staff know about the changes resulting from the GDPR.
All staff need to be aware of the impact that the new rules might bring and identify areas that could cause any potential compliance issues.
You’ll also need to consider your data handling processes in relation to the data you hold about your staff.
ABTA’s new guidance note for members: Data Protection – Handling customer data covers these key areas, such as Legitimate Interest Assessments, and other relevant topics including the legal bases for processing data and international transfers. Members can download the new FAQs via abta.com/gdpr
ABTA’s Travel Law Seminar, taking place on the 22 and 23 May, will also provide an essential legal update for the travel industry. Members and non-members can book online at abta.com/events
This is a community-moderated forum.
All post are the individual views of the respective commenter and are not the expressed views of Travel Weekly.
By posting your comments you agree to accept our Terms & Conditions.