What does GDPR mean for group travel organisers and suppliers?

We look at the new General Data Protection Regulations (GDPR) that will come into force on 25th May, and what this might mean for travel trade suppliers and GTOs. With special insight from Emily Fisher, Marketing Executive for Groups Direct.

Why should I be interested in these new regulations?

Any organisation be it business, charity, community group or membership organisation has a legal duty to follow current data protection regulations when gathering, storing, sharing or processing personal data. Now the law is changing – and thus so are the responsibilities of GTOs and travel trade suppliers to meet new requirements.

What is GDPR and what is changing?

GDPR stands for General Data Protection Regulation, and this will become law in the UK on 25th May 2018. GDPR applies to all companies processing and holding the personal data of subjects residing in the European Union, regardless of the company’s location. The strict regulations are there to ensure companies are taking care of customer and supplier data. One of the principles of the regulation is that personal data ‘belongs’ to the individual, and anyone who uses it has to have consent.

The regulation creates new distinct categories of ‘personal data’ and ‘sensitive data’, with the latter including matters of ethnicity, sexuality and political affiliation being subject to more stringent data handling and use requirements.

What does this all mean?

GDPR defines minimum standards for handling, securing and sharing personal data of EU inhabitants. If data is breached, this can lead to substantial fines. Some violations will incur fines up to 20 million euros or 4% of the company’s global annual turnover, whichever is higher. The Queen’s Speech has confirmed that the GDPR will still form part of UK law following the country’s withdrawal from the European Union. In this country, the agency responsible for this activity is the Information Commissioner’s Office (ICO) which has prepared useful guidance on the implications and requirements that the regulations specify.

What help is there for smaller organisations?

The ICO recognises that the new regulation may be particularly worrying and challenging for small organisations, who have less time and money to invest to getting their response right and less likely to have compliance teams, data protection officers or legal experts to advise them what to do. It has set up a dedicated advice line aimed at people running small businesses and charities and there are resources on the ICO website to help organisations employing less that 250 people prepare for the GDPR.

A Travel Trade company’s view on GDPR

We asked Emily Fisher, Marketing Executive for Groups Direct, to share her insights on the new GDPR and what this might mean for travel trade suppliers and GTOs.

How will GDPR affect companies like Groups Direct, and what are you doing yourselves to implement changes?

Our main priority is to take care of our customer and supplier data in order to keep it safe and secure. The big change with the new regulation is consent. Prior consent will be requested and collected from our clients before we start marketing to them. Unless we have a legitimate or contractual interest to contact a GTO – for example, if you have a booking with us – in the future you must give consent either via email or over the phone saying you are happy to receive emails from us. You also have the option to opt-out, and you will be removed from the mailing list. This should make it easier to reduce the amount of junk mail and spam emails that people receive without wanting them.

How do you think the new changes will affect Group Travel Organisers and groups, and are there any actions GTOs need to take?

Those responsible for group activities should be doing much the same things as companies i.e. carrying out an audit, data mapping, risk assessment, compliance etc. If your group is an informal ‘collection’ of individuals that is just gathering together to take a trip you may not be subject to the full GDPR, as it specifies that the personal data involved will form part of a ‘filing system.’ Whatever the set up, anyone compiling, holding or using personal data needs to be very careful about what is acceptable and their obligations.

How can Travel Trade companies and GTOs find out more?

There are lots of sources online regarding GDPR, but here are some official links for you to follow if you require more information: