The issue of Data and data protection is of critical importance to the travel professional. Get in the know.
Suggested strategy on GDPR: If your organisation does not have a legal department, the ITM would urge you to seek third party legal advice on this issue as soon as possible. This will ensure your business has taken steps to mitigate risk / liability when the GDPR goes live in May 2018.
Like the Data Protection Act, the General Data Protection Regulation (GDPR) applies to all ‘personal data’, not just travel. However, the GDPR’s definition is more detailed and makes it clear that information such as an online identifier – e.g. an IP address – can be personal data. The more expansive definition provides for a wide range of personal identifiers to constitute personal data, reflecting changes in technology and the way organisations collect information about people.
For most, keeping HR records, customer lists, or contact details etc. the change to the definition should make little practical difference. You can assume that if you hold information that falls within the scope of the DPA, it will also fall within the scope of the GDPR. The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. This is wider than the DPA’s definition and could include chronologically ordered sets of manual records containing personal data.
Personal data that has been hidden – e.g. key-coded – can fall within the scope of the GDPR depending on how difficult it is to attribute the pseudonym to a particular individual. The GDPR also refers to sensitive personal data as “special categories of personal data”. These are broadly the same as those in the DPA, but there are some minor changes. e.g. the special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. Personal data relating to criminal convictions and offences are not included, but similar extra safeguards apply to its processing.
ITM seeks clear statements from the European Commission on rights, ownership and transparency in all issues concerning data.
ITM looks for greater transparency to understand what happens to data, where it goes, how it is used and how it is disposed of.
ITM supports the view that data suppliers in general should become more open with corporate buyers in exhibiting their products
and demonstrating exactly how and what data are used in them.
ITM welcomes open engagement with IATA about data privacy and will continue to keep a watching brief in regard to the
introduction of its new DDS marketing intelligence data product.