By Malati Parekh, ABTA Solicitor, as part of May's DeepDive into managing data effectively
As you will all no doubt know, the rules around data collection and protection are changing — and these changes will officially be implemented from tomorrow. Like me, many of you will have received an abundance of emails and messages from companies about Privacy Notices over the past few weeks as businesses make preparations.
As an industry we've been well aware for some time that the General Data Protection Regulation (GDPR) will come into force. It marks the further evolution of best practice and legal requirements relating to the handling of personal data.
The main development is that it will require clearer and more robust processes from businesses when handling personal data relating to customers, staff or other people who come into contact with them.
Many companies already have processes and systems in place that go a long way towards compliance with the new rules. However, some things will change — particularly when it comes to businesses being transparent and accountable. This is especially important for the travel industry where there are often multiple uses for data and multiple channels for collecting it too.
Similarly, travel companies collect and share customer information with suppliers, often overseas, for the purposes of providing the booking, so it's vital that businesses review the contracts they have in place with third-party suppliers.
Our research shows that over a quarter (28%) of business managers will be employing the services of a travel management company (TMC) to protect their travelling staff's personal data and ensure all travel is booked only with agreed suppliers within the travel policy. TMCs have an incredibly important role to play, with businesses looking to them to help protect their staff data.
For the last two years, ABTA has been conducting regional road shows for its members explaining their obligations under GDPR as well as producing detailed guidance notes. This means that ABTA TMCs should be particularly well prepared to ensure they can handle their clients' staff data safely.
It's important to remember this will be an ongoing process. Companies should be taking steps now to bring processes in line with the GDPR, but 25 May marks the start of the new approach, rather than being the finish line.
If you haven't already done so, you should make sure your staff know about the changes resulting from the GDPR, regardless of whether you might employ the services of a TMC. All staff need to be aware of the impact that the new rules might have and be able to identify areas that could cause potential compliance issues. You'll also need to consider your data handling processes in relation to the data you hold about all your staff, not just those who travel.