How to Comply with GDPR: Recommendations for the Travel Industry

  • Last updated: 15 Mar, 2018

The adoption of the General Data Protection Regulation (GDPR) has become one of the hottest topics across a broad spectrum of industries. The travel industry is no exception. The GDPR applies to the processing of personal data in all member states of the European Union. The main question is how the new data protection regulation will affect businesses. Travel companies will be directly affected because of the personal and sensitive data they gather and process. Every travel business works with users’ personal data and supplier information. In this article, we’ll discuss the general provisions and some specifics of GDPR adoption in the travel industry.

How to prepare for GDPR

What is the General Data Protection Regulation or GDPR?

The GDPR sets rules relating to the protection of people's fundamental rights and freedoms regarding the processing of personal data.

Enforcement date. The EU Parliament approved and adopted the GDPR on April 14, 2016. Regulation enforcement must be in place after a two-year transition period, on May 25, 2018.

The main goal. The GDPR's main goal is to replace the Data Protection Directive 95/46/EC 1998 and to introduce a single data protection law that increases privacy for individuals by enforcing stronger security rules for companies that handle personal data.

The GDPR structure. The full text of the regulation includes 99 articles that contain the rights of individuals and obligations placed on organizations. A lot of the GDPR's main principles are similar to those in the current Data Protection Directive. If your business has already adopted Data Protection Directive principles, it will be a good starting point for implementation of the law. However, there are new elements and important enhancements. Most businesses need to adjust their processes in accordance with these changes.

Territorial scope. The regulation applies directly to all EU member states and has an extraterritorial scope, as it requires non-EU companies to comply with data protection obligations when processing personal information from any individual located in the EU. It doesn’t require any enabling legislation to be passed by EU governments.

The purpose. The purpose of the change is to give people easier access to the personal data that companies store about them, to introduce a new fining system, and to place a clear responsibility on organizations to obtain consent from the people whose information they collect.

Data protection officer. In some circumstances, companies need to appoint a data protection officer, who will be prepared for information requests from users. Data protection officers must respond to requests about the purpose of obtaining personal data and provide a copy of all user data if needed. This role also requires setting up the data deletion process.

What data the GDPR considers personal

According to the GDPR definition, ‘personal data’ means any information relating to a person that enables them to be identified directly or indirectly. The regulation lists some main identifiers such as name, identification number, location data, or some factors specific to the physical, cultural, or social identity of that person. From the travel industry aspect, personal data could include the following types and sources of information:

  • ID / Passport details: names, postal addresses, race, origin, biometric data;
  • Contact information: email addresses, telephone numbers;
  • Digital data: photographs and videos;
  • Sensitive data: financial and payment information;
  • HR records: current and former employee details.

The person whose personal data is processed is called the data subject. From a data handling perspective, the regulation applies to both ‘controller’ and ‘processor’ companies. The controller is a person or company that determines the purposes and the means of processing data. The processor is a person (other than an employee of the data controller) or a company that processes the data on behalf of the controller.

Increasing territorial scope

The GDPR applies to the processing of personal data by a controller or processor established in the European Union, regardless of whether the processing takes place in the Union or not. Ultimately, the change applies to almost all travel companies that offer products and services in Europe and process personal data of EU citizens as well as other users located within its borders.

Travel industry perspective. This will mean that global online travel agents or, for instance, US airlines, will be directly regulated by the GDPR. For example, when an Emirates-based hotel sells to EU travel agents or third-party wholesalers based in Europe, it falls under the Regulation. If you monitor the behavior of users who are located within the EU, such as flight destinations and hotel bookings in France, you must comply with the requirements. This approach affects the use of web analytics tools, data collection, and tracking for personalization and retargeting purposes. It also applies to website visits from users located in the EU, regardless of whether they are EU citizens or not.

Penalties system

The GDPR enforces extremely high penalties divided into two broad categories:

  • Upper level - up to €20 million or 4 percent of total worldwide annual global revenue for the latest financial year for major breaches. Compare this penalty amount with the corresponding data breach in 2012, which can be considered a major one as 1,163,996 debit and credit card records were stolen from a travel agent. Back then, the fine amount was approximately $255,000.
  • Lower level - up to €10 million or 2 percent of total worldwide annual global revenue for the latest financial year for smaller breaches.

The amount of the fine depends on which article’s rules are violated. Generally, breaches of individual privacy rights and freedoms will be subject to the upper level fines. Infringements of the controller or processor organization’s obligations, including data security breaches, will result in the lower level fine. The regulator also has corrective functions:

  • The regulator can give a reprimand where the GDPR provisions were infringed.
  • The regulator can issue an order that certain behaviors must be corrected within a certain time.
  • Penalties will be used in addition to or instead of the regulatory corrective powers.

These are only the main points of the GDPR fine system as penalties for breaches are tiered. Various criteria are considered in each case. They could be the nature, duration, and character of the infringement or types of personal data affected, previous infringements, and cooperation level.

Practical recommendations for travel companies to prepare for GDPR

Create the new format for obtaining user consent

Data processing is based on consent. According to the regulation, consent means the permission to process personal data given by the individuals. The GDPR sets up conditions and rules for consent creation and businesses must follow them to be in compliance with the act. New rules that apply to obtaining the consent:

  • Consent must be freely given, specific, informed, and unambiguous.
  • Companies must present the consent in easily accessible form that is written in clear language.
  • The consent can’t be inferred from silence, visiting, or continuing to browse a website. It also needs to be separated from other terms and conditions. The user must complete an affirmative action. The best approach is to require a click on an opt-in box.
  • If you gather information about users via cookies, you should give them the opportunity to accept or reject them.
  • If a user changes their mind, they also must be able to access settings menus to update their preferences.

Personal information collected about users for one purpose can’t be used for a different one.

Travel industry perspective. All airline websites collect user email addresses so they can send an e-ticket. Usually, the purpose of acquiring these emails is clearly articulated. But airlines must ask for explicit consent again if they want to use this data for email campaigns. The same applies to hotels: if a user gives consent to collect data to make a hotel booking, the data can’t be used for marketing purposes because consent for such usage wasn’t given. The best way to contact your customers for consent is to include multiple tick boxes, one for each type of consent you need. Travel services, from airport parking lots to hotel room bookings, must explain to customers why they are capturing their personal data, who is requesting that data, and who else will have access to it.

Audit the data you store

As use cases grow in number and personal information is applied across various departments, it becomes difficult to track all the types of information collected. Organize an information audit. This will help analyze what data you have, why you store it, what you want to do with it, and how long you should keep it. It’s important to determine what consent you have been obtaining for this information. Was it explicit, or not? Do you provide security measures to protect the data from a breach? The Information Commissioner’s Office (ICO) - the UK's independent body created to uphold information rights - has a helpful checklist on its website for companies to assess how well they are prepared for the GDPR rules.

Travel industry perspective. Booking.com, the largest flight and accommodation OTA, collects a broad spectrum of personal details, including names, travel purposes (leisure or work), travel with children, emails, payment data, etc.

Booking.com stores a lot of identifying and non-identifying information about users

The Regulation requires communicating clear purposes of information use. To achieve that, travel companies - especially those collecting data for sophisticated personalization - must organize an information audit.

Review existing contracts

Massive data exchange via APIs is common practice in the travel industry. One of the most important steps for wholesalers today is to update the contracts in place that contain provisions about the protection of individual rights. Companies should understand how their partners inform data subjects about the transfers they make.

Travel industry perspective. For instance, OTAs send personal data to hotels, other accommodation providers, car rental services, and airlines that may be within or beyond the EU, but still render services to EU citizens. On the other hand, if your partners purchase the data from you, they must explain how they plan to secure it and keep it up-to-date, as well as explain to individuals where and how they have obtained the data.

Be ready to respond to user requests

According to the regulation's rules, all users have the right to ask companies to:

  • List the data stored about them;
  • Define data collection purposes and use cases;
  • Outline the time period for which the personal data will be stored;
  • Send a copy of all their data that is held;
  • Delete the data about them.

Source: Virgin America Privacy Policy

Travel companies also need to ensure they can control the process of data deletion by third parties with access to existing information. For instance, when users book a trip, a travel portal transfers the information to a hotel or car rental provider.

Adapt your personalization processes

Most marketing processes in online travel agencies are based on user experience personalization. The GDPR gives companies an opportunity to stop spamming their users, delivering more explicit, valuable personalization instead. If we look at the regulation requirements from the travel standpoint, it could be considered a new opportunity to personalize. Holiday offers, low-cost airline tickets, or comfortable hotel service suggestions motivate people. Most customers are interested in sharing their personal data to get better and more personalized service as a result. If travel companies manage to introduce clear communication and allow travelers to shape promoted travel offers, there will be real value in meaningful and up-to-date personalization.

Appoint a Data Protection Officer

According to the GDPR, organizations must appoint a data protection officer (DPO) in some circumstances. Specifically, the appointment of a DPO is mandatory when:

  • The organization is a public authority or body.
  • The organization engages in regular and systematic monitoring of individuals on a large scale, for instance, online behavior tracking.
  • The organization engages in large scale processing of special categories of data (sensitive personal data) or data relating to criminal convictions and offenses.

There is no exception for small and medium-sized companies. However, each EU country can individually determine the other cases in which they must appoint a DPO. The DPO could be an existing staff member who takes the responsibility for data protection compliance or companies can hire an external expert for this role.

Travel industry perspective. If you run a local tours and activities service that doesn’t collect any personal data besides emails and you don’t systematically deal with European tourists, it’s likely that you don’t need a DPO just yet. However, if you operate an OTA that provides services globally and systematically processes user data for booking, marketing, and personalization purposes, a data protection officer becomes a necessity.

Enable data breach notifications

Ensure that you set up the right procedures to effectively detect, report, and investigate a personal data breach. According to the GDPR, companies should report certain types of data breach to the Information Commissioner's Office within 72 hours. If the breach can directly affect people's rights and freedoms, individuals must be notified as well.

Travel industry perspective. As OTAs, hotels, and airlines collect and store a great deal of identifying personal data, from names to children’s information, ensuring the right response to breaches becomes critical.

Give users access to the personal data you stored about them

The data subject shall have the right to receive the information from the controller regardless of whether his or her personal data is processed. You should be able to provide users with access to their personal data and information about how this personal data is being processed.

Foursquare succeeds at communicating the purposes of data use and providing control over personal data

If the user requests it, you must also be ready to provide an overview of the data categories being processed and a copy of the actual data. Whether personal data is shared with other companies or transferred to a third party, you must provide detailed information to the data subject about these processes.

Ensure portability of the data you store

The data subject can ask to transfer his or her personal data from one electronic processing system to another. You must be ready for such requests. The data must be provided in a structured and commonly used electronic format. This enables other companies to use the data. The data must be provided free of charge. Users also have the right to request transmission of the data directly to other organizations. However, this doesn’t mean you should adapt your processing systems to be compatible with other organizations. Travel industry perspective. If you operate a hotel business, it’s likely that you store personal data in a property management system. Be sure your software can export data in common formats, like csv or xlsx.

It’s crucial for your company to comply with the GDPR. Regulation compliance is a complicated issue that all company employees must support. To initiate the process changes needed for compliance with the new rules, your company's top managers must understand the importance of the GDPR and how it will influence your business so that they can be proactive. While the GDPR will definitely affect almost all travel industry players, it could be an opportunity rather than a threat. It nudges travel businesses to build trustful relationships with customers by providing valuable propositions to them. To build such relationships you must ensure that your customers understand why the data is collected. And, remember, they are likely to provide more data to get better personalization. If you use the collected data effectively, your customers will receive more personalized propositions and, as a result, be motivated to make the purchase.

Understanding the New GDPR for Travel Companies

You may have heard rumblings about GDPR—General Data Protection Regulation—and wondered what exactly it is and whether it affects your business. Read on for a breakdown that shares what you really need to know.

GDPR went into effect on May 25, 2018. If you’re a European Union citizen or company or are a non-EU company that offers goods and/or services or monitors the behavior of EU data subjects, this applies to you. Since you may not always know if a customer is an EU citizen, the better assumption is that it applies.

What’s the goal? To introduce a single data protection law that increases privacy for individuals by enforcing stronger security rules for companies that handle personal data.

But what does it mean? The GDPR sets rules relating to the protection of people’s fundamental rights and freedoms regarding the processing of personal data. Under the European Charter of Fundamental Rights Article 8(1), the protection of natural persons with regard to the processing of personal data is a fundamental right. Prior to the GDPR, this right was protected by the Data Protection Directive. The GDPR expands on the DPD and requires additional elements of protection.

Personal data includes anything that relates to someone’s identity, specifically including name, email address, bank details, social media updates, medical history and computer IP address.

Under the GDPR, when is it OK for travel companies to collect personal data? It depends on three conditions:

  • Allowable under legitimate legal basis. This covers collecting information in order to book the tour, make reservations and charge the customer.
  • Obtaining consent. You need to obtain customer consent if you plan to use the data for later marketing or if you share their data with others.
  • Public interest. The best example for travel companies in this category is health related: Should an epidemic or pandemic arise, there would be a public interest in determining who might have been exposed.

A travel company is allowed to retain personal data as long as there is a legitimate business interest. Therefore, consider revising your document retention policy.

When it comes to obtaining consent from your customers, be sure to have an intelligible and easily accessible form available. The GDPR requires customers to “opt in” to consent rather than having to “opt out.” This form should be distinguishable from other matters and include clear and plain language as well as the right to withdraw consent at any time. This is an example consent form for an individual company:

For minors, the same rules apply and consent for children under 16 must be given by a parent or legal guardian.

Also worth noting: Under the GDPR, individuals have the right to be forgotten. If an individual requests that their data be scrubbed, you must comply unless there’s a legal purpose for retaining the data.

If you have a contract with third parties, only disclose necessary data. The third party will be responsible for the data they handle and should destroy it when the legitimate purpose is complete. Should they want to use the data for marketing purposes, they would need to obtain their own consent. Note that it’s unwise to take responsibility for third-party consent yourself.

The consent form should also link to the privacy policy that contains detailed information about how the customer’s data is used, stored, et cetera, along with the following:

  • Identity and contact information of the business storing the data.
  • The purpose of the processing and the legal basis.
  • Recipients or categories of recipients of the data, if any.
  • The period for which data will be stored.
  • Right to access and erasure of data. (No charge.)
  • Right to withdraw consent at any time.
  • Right to lodge a complaint.
  • Whether the data will be processed for any purpose other than for which it was collected.

Within the privacy policy, be sure to tell customers who you are, how their personal data will be collected, what type of information is collected, how it will be used and who has access to their information. Additionally, provide an option to opt out and detail how they can access their information.

STORAGE OF PERSONAL DATA

To be in compliance with stored personal data, you must keep a record of all current and existing data, how and when a customer provided consent, how their data is being protected—you’ll want encryption and firewalls, how the data is being used, and monitoring protocols to avoid a breach.

What you can do right now:

  • Conduct a full audit of all data held, how it’s handled and collected, what it’s used for and how securely it’s stored. You should be able to get this information from your web designer and you should work with them to ensure you know the answers to these questions. Also, ensure they understand GDPR and can comply.
  • Determine adjustments. What is the legal basis of the data currently held? Adjust procedures for obtaining and storing data as necessary; think about ease of access to destroy data if an individual exercises their right to be forgotten. Staff should also understand that personal data is now protected and should not be shared at will. Staff should only receive personal data necessary for their job and there should be a plan to destroy that data after necessary use.

If there’s a serious breach? You must report it within 72 hours.

Be sure to describe the nature of the personal data breach including, where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned. Describe the likely consequences of the personal data breach and the measures taken or proposed by the controller to address the personal data breach including, where appropriate, measures to mitigate its possible adverse effects. Only notify individuals if the breach is considered “high-risk.”

Penalties for noncompliance are steep: a fine up to $22.8 million (€20 million) or 4 percent of annual turnover, whichever is higher.

Information courtesy of Jeff Ment. To learn more, visit Ment Law.

What do travel companies need to know about data protection?

The UK General Data Protection Regulation (GDPR) and Data Protection Act 2018, which came into force in 2021, overhauled rights and obligations regarding the processing of personal data in the UK. While the UK GDPR general processing arrangements apply to most UK based organisations, those operating in the travel sector are typically also required to comply with EU GDPR, making the situation particularly complex. We have previously written about the impact of GDPR and its application, and new developments, which need to be complied with.

Travel companies are also directly exposed to the risk of severe data breaches, and the potential fallout, due to the nature and sensitivity of the personal data collected. This includes ID and passport information, contact information, and sensitive data such as payment information, among others. The scope of potential data issues in the travel industry was considered in an investigation by Which? in 2020. When publishing the results of its cyber security review of 98 travel firms, Which? identified 497 vulnerabilities on the Marriott group websites alone, asserting that 20% presented a critical or high risk to data. However, these risks can be mitigated with appropriate security, support, and training.

Data Protection Breaches 

There have been a number of high-profile data breaches within the travel industry in recent years. Well established travel companies, such as EasyJet and British Airways, have experienced publicised breaches, often resulting from targeted attacks or insufficient data security. 

Perhaps the most widely known travel data breach was experienced by British Airways in 2018, which affected 420,000 people and resulted in a £20 million fine issued by the Information Commissioner's Office (ICO). The group claim brought by those affected represents the largest data breach claim in the United Kingdom to date. Similarly, the ICO had initially stated its intention to fine the company £183 million, with the eventual reduced £20 million figure still being the highest fine of its kind. The breach itself arose from a cyber-attack and involved the names, addresses and payment details of customers and staff. The airline's system was compromised, with the attackers using their access to harvest information as it was entered over at least a 2-month period. The success of the attack has been credited to insufficient security measures, including no multi-factor authentication being in place. The incident serves as a stark warning to travel companies as to the potential seriousness, not only of data breaches themselves, but of the financial and reputational repercussions they may bring.

A similar breach was reported by EasyJet in 2020, affecting the personal information of 9 million customers and the theft of over 2,000 payment card details. However, in contrast to the British Airways attack, the EasyJet breach led to secondary phishing attempts against those affected. The extent of the issue has seen data experts recommend that any individuals who have previously bought any travel services from EasyJet should be very careful when navigating communications presented as being sent by the company. EasyJet itself set about contacting the affected 9 million customers, a feat that was undoubtedly expensive and time consuming. 

Also in 2018, the Marriott group experienced a data breach affecting its reservation system and involving the data of hundreds of millions of customers. The breach was a result of existing security issues inherited by Marriott following its acquisition of the Starwood hotel chain. Notably, a remote access trojan had granted cyber attackers administrative access to the Starwood system, a fact that was not identified as Marriott had failed to carry out an adequate cybersecurity audit. Alongside reputational damage, Marriott incurred around $30 million in expenses dealing with the breach, and was fined £18.4 million by the ICO alone (reduced from £99 million) in addition to other international fines.

The ICO have reiterated that people have the right to expect companies to handle their personal information securely and in a responsible manner, and when this doesn’t happen it will set about taking robust action.

How Blake Morgan Can Help?

Blake Morgan has a number of experienced lawyers able to deliver succinct and pragmatic advice to travel companies, and individuals, on the topic of data protection. Our services include:

  • Advice relating to data protection and GDPR compliance
  • Dealing with data breaches and breach notifications
  • Data protection impact assessments and audits
  • Assisting with subject access requests
  • Drafting data sharing and data processing arrangements
  • Advising on privacy law
  • Providing information governance guidance

Blake Morgan is also the only UK law firm that delivers the prestigious British Computer Society BCS Practitioner Certificate in Data Protection.

If you are concerned about a potential data breach, would like some advice on preventative measures, or have been affected by a breach, please contact our team of data protection lawyers. You can also read more about the services we offer here.

Authors: Rob Jefferies and Alette Anderson-Whitehouse

GDPR and the Travel Agent

Written on 19 August 2019.

This Month: The Travel Agent…

Welcome to the eighth article in our series of professionally-themed insights for 2019.

Each written with a specific profession or role in mind, they’re packed full of helpful ponderables, tips and advice to make the GDPR work for you in your everyday 9-5.

This month, we’re covering the need-to-knows, good-to-knows and no-nos (!) for all you Travel Agents out there.

We hope it makes your GDPR life that little bit easier.

Dear Travel Agent…

Seeing as you’re probably helping everyone else head off on their jollies, the chances are you’re still around to read this.

Which is timely because, as a Travel Agent, you deal with so much personal customer data, you’ve a whole world of GDPR info to consider – and at this time of year more than ever.

In your line of work, reputation, reliability and trust remain crucial factors for your customers. They rely on you to book their hotels, flights and other travel arrangements. They even entrust you with their bank details, passport information and vaccination history!

So, as well as the great service you provide, why not make the way you look after your customers’ data another USP for them to want to use you?

Here’s some basic guidance and gentle reminders on how best to manage your GDPR role…

GDPR Tips for the Travel Agent

You know what they say: do something good for a customer and they’ll tell about 5 people. Do something bad, however, and they’re more likely to tell 25!

So, when it comes to safeguarding people’s personal and sensitive data, it’s worth getting it right. Otherwise, they can tend to get a little, well, sensitive over it. And rightly so.

Here are some things to consider:

Remember that you’re both a data controller and a data processor.

As a Travel Agent, you really are in the midst of it all. You’ll have your own customers that book through you and use your other services (such as currency exchange) and whose personal information you control because of that direct service provider-customer link. And then there’s your other role where you’re processing your business customers’ employee details on their behalf to book airlines/train and bus companies and hotels that they go on to use.

Crucially, you need to know exactly what’s what on how best to manage these different roles – because it’s when the lines get blurred and responsibility either gets inadvertently neglected or mistakenly passed on that problems arise.

How clear are you on your different responsibilities for your data controller and processor roles?

Be clear on why you’re processing someone’s data and how much you need.

Anyone processing personal data needs a legitimate reason to do so, so it’s worth being sure of what your bases are for the processing you do as an out-and-out data processor as well as the processing contained within your data controller role.

It’s also worth checking that you’re aware of the boundaries in each case too. For instance, if you’ve been assigned to lay on a coach to pick up a travel group, then you’re going to need their names (and possibly gender) to pass on to the coach company. But that’s all. All the coach company or its driver needs is enough information to identify the right people and get them on the coach.

How legitimate is the basis and extent of your processing?

Just be careful!

Okay, this one’s so basic and so obvious, but it’s oh-so-true! We’re not even talking about having secure and robust data management storage systems or highly detailed contingency plans should things go awry.

Nope, we really are referring to the basics… like not losing someone’s passport information or emailing someone’s information to the wrong person or company. Because, trust us, it happens.

What are the chances of you having an “Oh, ****!” moment?

Only buy in or accept data lists once you’ve carried out some proper due diligence.

Having a well-targeted data list can make such a difference to your marketing (e.g. a ready-made list of people who’ve previously expressed an interest in going to the Caribbean ahead of your Winter Sun campaign).

Of course, the caveat is how was it sourced and did those people whose personal details it contains give their consent? Because if they didn’t (or worse, they’re unaware that their information’s been passed on), you could find yourself in deeper water than those you’d hoped to send them paddling in! And you can bet with a data compliance issue hanging over you, it’s unlikely to be crystal-clear…

Do you know everything there is to know about your data lists?

You need good reason to follow-up with people and retain their details.

In the same way that you need someone’s consent to use their data, it also applies to you being able to continue to contact them. In short, you should only be following up with them for the same reason that they gave their consent in the first place – e.g. a newsletter or perhaps emailing them new season prices so that they can return to their favourite resort each year. Otherwise, you’re not playing by the GDPR rules.

Similarly, you should also be mindful of how long you’re holding onto people’s data for. Again, it should only be for as long as the original justification requires. Take the coach pick-up scenario again (from the 2nd point above) – once those passengers have been collected, by right, you have no further need to retain their details.

It’s very easy to just let people’s data sit there so that you can slowly add to it. The question is: to what end? If you’re using it to build a profile rather than deliver the service that they originally signed up for, then you really ought to think again…

When was the last time you rationalised your follow-up and retention policies?

In-the-Know… Summary

The Need-To-Knows

  • Know what’s expected of you as both a data controller and
  • You must have a legitimate basis to process someone’s data.
  • That basis also needs to be the correct one!

The Good-To-Knows

  • Having a well-honed GDPR policy could act as a great USP for your business.
  • It’s okay to keep contacting customers if it’s for the reason they initially signed up for.
  • It’s worth reviewing your customer data regularly to check whether you still need to keep it.

The No-Nos!

And whatever you do, please…

  • Don’t dismiss GDPR or not find time to take it seriously.
  • Don’t use a data list if you’ve no idea of its background.
  • Don’t put off asking for help if you need it.

Help and support is only a quick email away

If your knowledge of the GDPR equates more to a wet weekend in Skegness than a luxurious sojourn in Cannes, we can help.

We’ll gladly take you through whatever you need to make it all sunshine and smiles with your GDPR responsibilities – just get in touch.

Of course, it may not seem like a holiday to you at the time, but you’ll be glad you did…

Next month in GDPR and The Professional: The Recruitment Agent…


EU's New General Data Protection Regulation Will Impact U.S. Travel Agencies


On May 25, the new European Union General Data Protection Regulation (GDPR) will take effect. The stated purpose of the regulation, which has the force of law in the EU, is to protect the data of “natural persons,” meaning humans as opposed to legal entities like corporations.

The real difficulties arise because the rules, intended to create equal rights in all EU member countries, apply to everyone regardless of their nationality or residence and all of their covered data regardless of where it is processed and whether the processing is automated or manual. Despite that goal, however, the regime created by the GDPR allows individual EU states to adopt separate rules in some circumstances.

Individuals will retain the right to access their data, demand correction of factual errors and have their data deleted. An individual can transfer personal data from one social platform to another on demand.

There is an exemption from the record keeping rules for firms with less than 250 employees and the member states are encouraged to “take account of the specific needs of micro, small and medium-sized enterprises” when applying the GDPR. The exemption is, however, subject to multiple exceptions. When applicable, the exemption appears to largely undermine the core principles of the GDPR. The rules also state that “files or sets of files, as well as their cover pages, which are not structured according to specific criteria should not fall within the scope of this Regulation.” Many other subparts of the regulation have their own exceptions and limitations and are generally overridden by the giving of the data subject’s consent. Overall, then, it is impossible to be certain of the circumstances under which the GDPR will apply to specific small businesses in the U.S.

The GDPR also contains a provision allowing data collection when in the firm’s “legitimate interest,” a term with unclear boundaries. Hopefully, the application of the “legitimate interest” concept will be elaborated in the near future.

The potential penalties for violation of the GDPR are life-threatening to many businesses; the upper limit is 4 percent of a company’s global sales (or $20 million, whichever is larger).

The GDPR creates many issues. I will identify some of the key ones here but cannot, in the context of an article like this, attempt to address them all.

Enforceable if not physically present in the EU?

One central question is to what extent the courts in the U.S. will enforce EU regulations in circumstances where the regulatory violation claim relates to conduct by a U.S.-resident person who was never physically present in the EU for purposes of making a transaction involving the processing of personal data of an EU resident. The outcome may differ depending on whether the U.S.-based person overtly offered her services in the EU or whether the EU person merely reached out to the U.S. person for assistance.

The GDPR addresses this issue to some extent but is not conclusive or even helpful. One of the tests for the application of the rules is whether the data processor is, “offering … services to data subjects who are in the Union.” To decide whether services are being “offered,” the GDPR says it must be “apparent” that the data processor “envisages offering” such services. Merely having a website accessible in the EU, or a generally accessible email address is not sufficient. However, “use of a language or a currency generally used in one or more Member States with the possibility of ordering goods and services in that other language, or the mentioning of customers or users who are in the Union, may make it apparent that the controller envisages offering goods or services to data subjects in the Union.”

What about monitoring behavior online?

If that were not bad enough, the GDPR says that if personal data is used to “monitor the behavior” of data subjects in the EU, then that entity is covered by the regulation. Monitoring includes whether data subjects are, “tracked on the Internet including potential subsequent use of personal data processing techniques which consist of profiling a natural person, particularly in order to take decisions concerning her or him or for analysing [sic] or predicting her or his personal preferences, behaviours [sic] and attitudes.” [emphasis added]

Taken at face value, that provision seems to address the airlines’ use of the New Distribution Capability (NDC) to make “personalized individualized offers” to consumers. The processing of the data involved in that will primarily lie with the airlines and perhaps the GDSs or other data intermediaries, but it may also involve travel agencies passing such offers to customers and processing or storing data arising from such transactions.

The issue of consent

Finally, for the limited purposes of this article, there is the matter of “consent” by the data subject to the processing of her personal data. The GDPR provides that:

“Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject's agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement. This could include ticking a box when visiting an Internet website … or another statement or conduct which clearly indicates in this context the data subject's acceptance of the proposed processing of his or her personal data. Silence, pre-ticked boxes or inactivity should not therefore constitute consent. Consent should cover all processing activities carried out for the same purpose or purposes. When the processing has multiple purposes, consent should be given for all of them. If the data subject's consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.” [emphasis added]

Even though one of the apparent purposes of the GDPR is to eliminate the long, legalese-infused Terms & Conditions that everyone “accepts” without reading or understanding, the vague language and lengthy requirements seem certain to produce the opposite result.

The GDPR goes further:

“Any processing of personal data should be lawful and fair. It should be transparent to natural persons that personal data concerning them are collected, used, consulted or otherwise processed and to what extent the personal data are or will be processed. The principle of transparency requires that any information and communication relating to the processing of those personal data be easily accessible and easy to understand, and that clear and plain language be used. That principle concerns, in particular, information to the data subjects on the identity of the controller and the purposes of the processing and further information to ensure fair and transparent processing in respect of the natural persons concerned and their right to obtain confirmation and communication of personal data concerning them which are being processed. Natural persons should be made aware of risks, rules, safeguards and rights in relation to the processing of personal data and how to exercise their rights in relation to such processing. In particular, the specific purposes for which personal data are processed should be explicit and legitimate and determined at the time of the collection of the personal data. The personal data should be adequate, relevant and limited to what is necessary for the purposes for which they are processed. This requires, in particular, ensuring that the period for which the personal data are stored is limited to a strict minimum. Personal data should be processed only if the purpose of the processing could not reasonably be fulfilled by other means. In order to ensure that the personal data are not kept longer than necessary, time limits should be established by the controller for erasure or for a periodic review. Every reasonable step should be taken to ensure that personal data which are inaccurate are rectified or deleted.
Personal data should be processed in a manner that ensures appropriate security and confidentiality of the personal data, including for preventing unauthorised access to or use of personal data and the equipment used for the processing.”

There is much more, but I will not further belabor it. The GDPR seems inevitably destined to yield more rather than less verbiage in Terms & Conditions that few, if any, customers will actually read. The rules may become a trap for the unwary, however, as individuals or groups focused on privacy monitor the GDPR compliance of firms.

Worth doing business with EU residents?

Every travel agency must decide for itself whether the rules are so costly to implement that the agency is better off declining to do business with travelers who reside in the EU. It seems unlikely that the EU would actually seek to aggressively enforce against a small agency in the U.S. that was not itself overtly soliciting business in the EU, but the possibility of “demonstration cases” always exists just to make the point that the EU takes the GDPR seriously. The risk of becoming an enforcement target is small, but probably not zero. Larger agencies with active sales in the EU are at much greater risk.

Here are a couple of websites with useful outlines of some of the GDPR requirements: EUGDPR Academy; Business.com; Digital Guardian; EU Website. For those who want to read the actual 261 pages of the GDPR, you can find it here. Finally, for those who want to further investigate the roots of all this, the EU Directive of 2000 is here.


Data Privacy and the Travel Sector

  • First Online: 27 August 2020

  • Peter O’Connor


Companies increasingly use technology to track their customers, exploiting the resulting insights to tailor the customer experience and better target online marketing. Travel companies in particular collect substantial customer data, both in their booking processes and through loyalty/reward programs. This voluntarily surrendered data is increasingly being supplemented with highly granular data on browsing and physical behavior, collected automatically and surreptitiously by technology-based systems. When consolidated with existing sources, this can be analyzed to reveal insights hitherto considered personal, resulting in increased concerns about privacy. Legislative restrictions are increasingly being introduced to regulate privacy protection. This chapter examines the implication of such developments for travel companies and the industry globally. While alternative approaches are considered, it pays particular attention to Europe’s GDPR, highlighting areas of concern and identifying the steps travel companies need to make to ensure compliance.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Institutional subscriptions

Similar content being viewed by others

travel agency gdpr controller

The Price of Privacy

travel agency gdpr controller

The Customer Fishbowl: Strategic Approaches to Customer Privacy

Aguirre E, Mahr D, Grewal D, de Ruyter K, Wetzels M (2015) Unravelling the personalization paradox: the effect of information collection and trust-building strategies on online advertisement effectiveness. J Retail 91(1):34–49

Google Scholar  

Awad N, Krishnan M (2006) The personalization privacy paradox. MIS Q 30(1):13–28

Banks A (2019) Anniversary of EU data protection rules. https://www.eupoliticalreport.eu/anniversary-of-eu-data-protection-rules/ . Accessed 12 Aug 2019

Bilgihan A, Bujisic M (2014) The effect of website features in online relationship marketing: a case of online hotel booking. Electron Commer Res Appl 14(4):222–232. https://doi.org/10.1016/j.elerap.2014.09.001

Blanchette J-F, Johnson DG (2002) Data retention and the panoptic society: the social benefits of forgetfulness. Inf Soc 18:33–45

Boerman S, Kruikemeier S, Borgesius FZ (2017) Online behavioural advertising: a literature review and research agenda. J Advert 46(3):363–376

Bruce NI, Murthi BPS, Rao RC (2017) A dynamic model for digital advertising: the effects of creative format, message content, and targeting on engagement. J Mark Res 54:202–218

Charters D (2002) Electronic monitoring and privacy issues in business-marketing: the ethics of the DoubleClick experience. J Bus Ethics 35:243–252

Franklin J (2019) GDPR bites, and BA is the first victim. Int Financial Law Rev. https://www.iflr.com/article/b1lmxcbyc3bwp8/gdpr-bitesand-ba-is-the-first-victim

FTC (2019) FTC Imposes $5 Billion Penalty and Sweeping New Privacy Restrictions on Facebook. https://www.ftc.gov/news-events/press-releases/2019/07/ftc-imposes-5-billion-penalty-sweeping-new-privacy-restrictions . Accessed 4 Sept 2019

Gilbert F (2008) Beacons, bugs and pixel tags. Do you comply with the FTC behavioural marketing principles and foreign law requirements? J Internet Law 11(11):3–10

Hoffman DL et al (1999) Information privacy in the marketspace: implications for the commercial uses of anonymity on the web. Inf Soc 15:129–139

Huang C, Goo J, Nam K, Yoo C (2017) Smart tourism technologies in travel planning: the role of exploration and exploitation. Inf Manag 54(6):757–770. https://doi.org/10.1016/j.im.2016.11.010

Jacobson R (2013) 2.5 quintillion bytes of data created every day. How does CPG & Retail manage it? https://www.ibm.com/blogs/insights-on-business/consumer-products/2-5-quintillion-bytes-of-data-created-every-day-how-does-cpg-retail-manage-it/

Jennings C, Fena L (2003) The hundredth window: protecting your privacy and security in the age of the internet. The Free Press, New York

Jensen C, Potts C, Jensen C (2005) Privacy practices of internet users: self-reports versus observed behaviour. Int J Hum Comput Stud 63:203–227

Johnson M, Christensen C, Kagermann H (2008) Reinvent your business model. Harv Bus Rev 87(12):51–59

Kabadayi S, Ali F, Choi H, Joosten H, Lu C (2019) Smart service experience in hospitality and tourism services: a conceptualization and future research agenda. J Serv Manag 30(3):326–348. https://doi.org/10.1108/JOSM-11-2018-0377

Kang C (2019) F.T.C. Approves Facebook Fine of About $5 Billion. https://www.nytimes.com/2019/07/12/technology/facebook-ftc-fine.html . Accessed 4 Sept 2019

Karaduman O (2017) The general data protection regulation: achieving compliance for EU and non-EU companies. Bus Law Int 18(3):225

Kelly M (2019) Google will pay $170 million for YouTube’s child privacy violations. https:// www.theverge.com/2019/9/4/20848949/google-ftc-youtube-child-privacy-violations-fine-170- milliion-coppa-ads . Accessed 6 Sept 2019

Kumar V, Gupta S (2016) Conceptualising the evolution and future of advertising. J Advert 45(3):302–17

Lee Larson J, Larson R, Greenlee J (2003) Privacy protection on the Internet. Strategic Finance 49–53

Lovejoy B (2018) Senator says US privacy law could reach draft form early next year. https://9to5mac.com/2018/11/28/us-privacy-law/ . Accessed 1 Feb 2019

McDonald A, Cranor L (2008) The cost of reading privacy policies. Inf Sci 4(3):543–567

Miedema T (2018) Consumer protection in cyber space and the ethics of stewardship. J Consum Policy 41(1):55–75

Milne G, Culnan M, Green H (2006) A longitudinal assessment of online privacy notice readability. J Public Policy Mark 25(2):238–249

Milne G, Bahl S, Rohm A (2008) Towards a framework for assessing covert marketing practices. J Public Policy Mark 27:57–62

Moore R, Moore M, Shanahan K, Mack B (2015) Creepy marketing: three dimensions of perceived excessive online privacy violations. Mark Manag 25(1):42–53

Morosan C, DeFranco A (2015) Disclosing personal information via hotel apps: a privacy calculus perspective. Int J Hosp Manag 47:120–130

Nabben P (2019) The GDPR: one year on. https://www.lexology.com/library/detail.aspx?g=c04317e4-4fc9-43b4-ab6d-bb19210c812d . Accessed 22 July 2019

O’Connor P (2005) Comparative analysis of international approaches to the protection of online privacy. Contemp Res E-Mark 2:347–364. https://doi.org/10.4018/978-1-59140-824-6.ch014

O’Connor P (2007) Online consumer privacy: an analysis of hotel company behaviour. Cornell Hotel Restaur Admin Q 48(1):183–200

Piccoli G, O’Connor P (2003) Customer relationship management: a driver for change in the structure of the U.S. lodging industry. Cornell Hotel Restaur Admin Q 44(4):61–73

Porter J (2019) British airways faces record-breaking GDPR fine after data breach. https:// www.theverge.com/2019/7/8/20685830/british-airways-data-breach-fine-information-commiss- ioners-oflce-gdpr . Accessed 10 July 2019

Rahimi R, Köseoglu M, Ersoy A, Okumus F (2017) Customer relationship management research in tourism and hospitality: a state-of-the-art. Tour Rev 72(2):209–220. https://doi.org/10.1108/TR-01-2017-0011

Reuters (2018) U.S. senator says privacy bill draft could come early next year. https://www.reuters.com/article/us-usa-ftc-congress/u-s-senator-says-privacy-bill-draft-could-come-early-next-year-idUSKCN1NX041 . Accessed 27 Dec 2018

Robles P (2019) Five things you need to know about the CCPA, California’s GDPR-like law. https://econsultancy.com/five-things-need-know-about-ccpa-californias-gdpr-like-law/ . Accessed 10 July 2019

Rust R, Kannan P, Peng N (2002) The customer economics of internet privacy. J Acad Mark Sci 30(4):455–464

Ryker R, LaFleur E et al (2002) Online privacy policies: an assessment of the fortune E-50. J Comput Inf Syst (Summer) 41(4):15–20

Scanlan L, McPhail J (2000) Forming service relationships with hotel business travelers: the critical attributes to improve retention. J Hosp Tour Res 24(4):491–513

Schweigert V-A, Geyer-Schulz A (2019) The impact of the general data protection regulation on the design and measurement of marketing activities: introducing permission marketing and tracking for improved marketing & CRM compliance with legal requirements. J Mark Dev Competitiveness 13(4):63–71. https://doi.org/10.33423/jmdc.v13i4.2352

Sheng W (2019) One year after GDPR, China strengthens personal data regulations, welcoming dedicated law. https://technode.com/2019/06/19/china-data-protections-law/ . Accessed 21 July 2019

Sipior JC, Ward BT, Mendoza RA (2011) Online privacy concerns associated with cookies, flash cookies, and web beacons. J Internet Commer 10:1–10

Squire Patton Boggs (2019) China’s Draft Data Security Measures and How They Compare to the GDPR. https://www.squirepattonboggs.com/en/insights/publications/2019/06/chinas-draft-data-security-measures-and-how-they-compare-to-the-gdpr . Accessed 20 July 2019

Stewarts (2019) What has been the global impact of the GDPR in its first year? https://www.ste wartslaw.com/news/what-has-been-the-global-impact-of-the-gdpr-in-its-first-year/ . Accessed 22 July 2019

Weinstein J (2019) Looming data protection fines. http://www.hotelsmag.com/Industry/News/Details/86509 . Accessed 4 Sept 2019

Westin AF (1967) Privacy and freedom. Atheneum, New York

Wharton (2019) Is data privacy real? Don’t bet on it. https://knowledge.wharton.upenn.edu/article/ data-privacy-real-dont-bet/?utm_source=kw_newsletter&utm_medium=email&utm_campaign= 2019-08-27. Accessed 7 Aug 2019

Wirtz J, Lwin M, Williams J (2007) Causes and consequences of consumer online privacy concern. Int J Serv Ind Manag 18:326–341

Xiang Z, Magnini V, Fesenmaier D (2015) Information technology and consumer behavior in travel and tourism: insights from travel planning using the internet. J Retail Consum Serv 22:244–249

Zwick D, Dholakia N (2001) Contrasting European and American approaches to privacy in electronic markets: property right vs civil right. Electron Mark 11(2)116–120

Download references

Author information

Authors and affiliations.

UniSA Business School, University of South Australia, Adelaide, Australia

Peter O’Connor


Corresponding author

Correspondence to Peter O’Connor.

Editor information

Editors and affiliations.

Department of Hospitality and Tourism Management, Virginia Polytechnic Institute and State University, Blacksburg, VA, USA

Zheng Xiang

Department of Tourism Studies and Geography, Mid Sweden University, Östersund, Sweden

Matthias Fuchs

Annenberg School for Communication and Journalism, University of Southern California, Los Angeles, CA, USA

Ulrike Gretzel

Department of Business Informatics, University of Applied Sciences Ravensburg-Weingarten, Weingarten, Germany

Wolfram Höpken

Section Editor information

The Howard Feiertag Department of Hospitality and Tourism Management, Virginia Polytechnic Institute and State University; Pamplin College of Business, 362 Wallace Hall, 295 W. Campus Dr, 24061, Blacksburg, VA, USA


Copyright information

© 2020 Springer Nature Switzerland AG

About this entry

Cite this entry.

O’Connor, P. (2020). Data Privacy and the Travel Sector. In: Xiang, Z., Fuchs, M., Gretzel, U., Höpken, W. (eds) Handbook of e-Tourism. Springer, Cham. https://doi.org/10.1007/978-3-030-05324-6_98-2


DOI: https://doi.org/10.1007/978-3-030-05324-6_98-2

Published: 27 August 2020

Publisher Name: Springer, Cham

Print ISBN: 978-3-030-05324-6

Online ISBN: 978-3-030-05324-6

eBook Packages: Springer Reference Business and Management; Reference Module Humanities and Social Sciences; Reference Module Business, Economics and Social Sciences


Chapter history

DOI: https://doi.org/10.1007/978-3-030-05324-6_98-2

DOI: https://doi.org/10.1007/978-3-030-05324-6_98-1

  • Find a journal
  • Track your research

DB-City

  • Bahasa Indonesia
  • Eastern Europe
  • Moscow Oblast

Elektrostal

Elektrostal Localisation : Country Russia , Oblast Moscow Oblast . Available Information : Geographical coordinates , Population, Area, Altitude, Weather and Hotel . Nearby cities and villages : Noginsk , Pavlovsky Posad and Staraya Kupavna .



Geographic coordinates of Elektrostal, Moscow Oblast, Russia

City coordinates

Coordinates of Elektrostal in decimal degrees

Coordinates of Elektrostal in degrees and decimal minutes

UTM coordinates of Elektrostal

Geographic coordinate systems

WGS 84 coordinate reference system is the latest revision of the World Geodetic System, which is used in mapping and navigation, including GPS satellite navigation system (the Global Positioning System).

Geographic coordinates (latitude and longitude) define a position on the Earth’s surface. Coordinates are angular units. The canonical form of latitude and longitude representation uses degrees (°), minutes (′), and seconds (″). GPS systems widely use coordinates in degrees and decimal minutes, or in decimal degrees.

Latitude varies from −90° to 90°. The latitude of the Equator is 0°; the latitude of the South Pole is −90°; the latitude of the North Pole is 90°. Positive latitude values correspond to the geographic locations north of the Equator (abbrev. N). Negative latitude values correspond to the geographic locations south of the Equator (abbrev. S).

Longitude is counted from the prime meridian (IERS Reference Meridian for WGS 84) and varies from −180° to 180°. Positive longitude values correspond to the geographic locations east of the prime meridian (abbrev. E). Negative longitude values correspond to the geographic locations west of the prime meridian (abbrev. W).

UTM or Universal Transverse Mercator coordinate system divides the Earth’s surface into 60 longitudinal zones. The coordinates of a location within each zone are defined as a planar coordinate pair related to the intersection of the equator and the zone’s central meridian, and measured in meters.

Elevation above sea level is a measure of a geographic location’s height. We are using the global digital elevation model GTOPO30.

Elektrostal, Moscow Oblast, Russia

Understanding GDPR and what it means for your travel programme


GDPR identifies three distinct categories over which it has power. A Data Subject is “a natural person whose personal data is processed by a controller or processor”. A Data Processor is “the entity that processes data on behalf of the Data Controller” whilst a Data Controller is “the entity that determines the purposes, conditions and means of the processing of personal data.”

Data processors will be subject to specific legal obligations and liabilities including the requirement to maintain records of personal data and processing activities. Data controllers are not relieved of their obligations where a processor is involved but remain subject to further obligations to ensure their contracts with processors are GDPR-compliant. “GDPR drives a data strategy which asks organisations to consider the right data, the right context and to do so in a way that is ethical, compliant and safeguards personal data as a fundamental human right,” says one industry commentator.


WHAT DOES GDPR MEAN FOR YOU?

In practical terms, travel managers and suppliers alike will need to know what data they hold on their travellers, why they’re holding it and for what purpose. As a result, corporates could re-think their strategies to mine data from multiple, disparate sources, whilst initiatives to provide more choice in corporate travel programmes based on travellers’ personal preferences could be affected. At the very least, GDPR will bring greater complexity and add a new dimension to compliance monitoring.

GDPR also includes a ‘profiling’ regulation which requires organisations to inform consumers if profiling is taking place. Consider the number of times a TMC might update a regular traveller’s profile during the course of a year and you get an idea of the challenges this will create for TMCs who are banking on collecting a lot of data to personalise services.

Despite GDPR having been four years in the making, travel industry associations have been slow to establish their position on GDPR. The Association of Corporate Travel Executives (ACTE) is reaching out to its membership “to better understand how the GDPR is directly affecting them and the steps they’re taking to implement it, as well as provide a platform for suppliers and travel executives to share dialogue, knowledge and best practices in a complicated international regulatory environment.”


WHAT’S THE CHALLENGE?

The issues raised by the new legislation are as follows:

  • The data that powers all corporate travel programmes is crucial to buyers and suppliers alike. There are potentially multiple data security implications for each of the 190m business trips that will take place globally in 2017.
  • Every corporate/TMC, corporate/supplier and TMC/supplier agreement will have to be reviewed to ensure that the data covered by the terms of that agreement is robustly protected.
  • Companies will have to re-learn respect for people’s data.
  • Everyone who touches travel data is affected by the legislation, forcing travel suppliers to implement strict compliance regimes.
  • GDPR is just one data law; more will follow from non-EU countries.

GDPR could also see the emergence of a new stakeholder into travel management. The boardroom could be very crowded once procurement, HR, and IT are joined by a new army of Data Protection Officers (DPOs). Over 75,000 [2] will be needed worldwide to police the GDPR - 28,000 in Europe and the US alone.

DON’T PANIC

So how well prepared is the travel industry? Associations and suppliers who have already fallen victim to data breaches as a result of hacking will be especially nervous.

Cybersecurity attackers are becoming more and more adept at affecting more systems and are unlikely to be restricted in their reach. Businesses were the target of 40% of cyber attacks in 2016. Over 200,000 computers in 150 countries were affected by the WannaCry malware in March 2017 including FedEx, Britain’s National Health Service, and Spanish telecom giant Telefonica [3]. Under the new legislation, a business could be fined €20 million or 4% of turnover – whichever is the greater – for a data privacy breach through loss or hacking.

As with anti-corruption and Duty of Care legislation, the companies that regard the new rules as simply an extension of business best practice, or common sense, will prevail. TMCs are used to working with clients whose businesses demand total confidentiality and robust security. GDPR simply formalises the responsibilities many global TMCs have been practicing for years. They already have the processes and systems in place to give their clients the required comfort that their data is in good hands.

WHAT HAPPENS NEXT?

The onus is on airlines, hotel and car rental companies, train operators and payment card providers to ensure that their processes are fully compliant, and to make that compliance transparent. For everyone in the supply chain, data privacy is as much about brand (and corporate) reputation.

The long term implications of GDPR and its international offspring may also be positive. Companies’ data strategies could become simpler and more streamlined as they clarify their objectives and focus on mining essential data only. The regulation won’t prevent brands from learning more about their customers and employees and using that knowledge to hone their products and policies. They are just going to have to be smarter in the ways they go about it, focussing only on the relevant. The alternative could be rather costly.


Travel Daily

How to comply with GDPR: recommendations for the travel industry


Contributors are not employed, compensated or governed by TDM, opinions and statements are from the contributor directly

The Altexsoft team offer their advice on the word on everybody’s lips at the moment: GDPR. This post is a redacted version of their blog post and is republished with permission.

The adoption of the  General Data Protection Regulation  (GDPR) has become one of the hottest topics across a broad spectrum of industries. The travel industry is no exception. The GDPR applies to the processing of personal data in all member states of the European Union.

The main question is how the new data protection regulation will affect businesses. Travel companies will be directly affected thanks to the personal and sensitive data they gather and process. Every travel business works with users’ personal data and supplier information. In this article, we’ll discuss general positions and some specifics of the GDPR adoption in the travel industry.


What is the General Data Protection Regulation?

The GDPR sets rules relating to the protection of people’s fundamental rights and freedoms regarding the processing of personal data.

Enforcement date. The EU Parliament approved and adopted the GDPR on April 14, 2016. Regulation enforcement must be in place after a two-year transition period, on May 25, 2018.

The main goal.  The GDPR’s main goal is to replace the  Data Protection Directive 95/46/EC 1998  and to introduce a single data protection law that increases privacy for individuals by enforcing stronger security rules for companies that handle personal data.

The GDPR structure. The full text of the regulation includes 99 articles that contain the rights of individuals and obligations placed on organizations. A lot of the GDPR’s main principles are similar to those in the current Data Protection Directive.

If your business has already adopted Data Protection Directive principles, it will be a good starting point for implementation of the law. However, there are new elements and important enhancements. Most businesses need to adjust their processes in accordance with these changes.

Territorial scope. The regulation applies directly to all EU member states and doesn’t require any enabling legislation be passed by their governments.

The purpose. The purpose of the change is to give people easier access to the personal data that companies store about them, to introduce a new fining system, and to place a clear responsibility on organizations to obtain consent from people whose information they collect.

Data protection officer. In some circumstances, companies need to appoint a data protection officer, who will be prepared for information requests from users. Data protection officers must respond to requests about the purpose of obtaining personal data and provide a copy of all user data if needed. Also, this role requires setting up the data deletion process.

What data the GDPR considers personal

According to the GDPR definition, ‘personal data’ means any information relating to a person that enables them to be identified directly or indirectly. The regulation lists some main identifiers such as name, identification number, location data, or some factors specific to the physical, cultural, or social identity of that person.

From the travel industry aspect, personal data could include the following types and sources of information:

  • ID / Passport details: names, postal addresses, race, origin, biometric data;
  • Contact information: email addresses, telephone numbers;
  • Digital data: photographs and videos;
  • Sensitive data: financial and payment information;
  • HR records: current and former employee details.

The person whose personal data is processed is called the  data subject . From a data handling perspective, the regulation applies to both ‘controller’ and ‘processor’ companies. The controller is a person or company that determines the purposes and the means of processing data. The processor  is a person (other than an employee of the data controller) or a company that processes the data on behalf of the controller.

Increasing territorial scope

The GDPR applies to the processing of personal data by a controller or processor established in the European Union, regardless of whether the processing takes place in the Union or not. Ultimately, the change applies to almost all travel companies that offer products and services in Europe and process personal data of EU citizens, as well as of other users located within its borders.

Global online travel agents or, for instance, US airlines, will be directly regulated by the GDPR. For example, when an Emirates-based hotel sells to EU travel agents or third-party wholesalers based in Europe, it falls under the Regulation.

If you monitor the behavior of users who are located within the EU, such as flight destinations and hotel booking in France, you must comply with the requirements. This approach affects the use of web analytics tools, data collection and tracking for personalization and retargeting purposes. It also applies to website visits from users located in the EU, regardless of whether they are EU citizens or not.

Penalties system

The GDPR enforces extremely high penalties divided into two broad categories:

  • Upper level – up to €20 million or 4 percent of total worldwide annual global revenue for the latest financial year for major breaches. Compare this penalty amount with the corresponding  data breach in 2012 , which can be considered a major one as 1,163,996 debit and credit card records were stolen from a travel agent. Back then, the fine amount was approximately $255,000.
  • Lower level – up to €10 million or 2 percent of total worldwide annual global revenue for the latest financial year for smaller breaches.

The amount of the fine depends on what article’s rules are violated. Generally, breaches of individual privacy rights and freedoms will be the subject of the upper level fines.  Infringements of the controller or processor organization’s obligations, including data security breaches, will result in the lower level fine.

The regulator also has corrective functions:

  • The regulator can give a reprimand where the GDPR provisions were infringed.
  • The regulator can issue an order that certain behaviors must be corrected within a certain time.
  • Penalties will be used in addition to or instead of the regulatory corrective powers.

These are only the main points of the GDPR fine system as penalties for breaches are tiered. Various criteria are considered in each case. They could be the nature, duration, and character of the infringement or types of personal data affected, previous infringements, and cooperation level.

Recommendations for travel companies to prepare for GDPR

Create the new format for obtaining user consent.

Data processing is based on consent. According to the regulation, consent means the permission to process personal data given by the individuals. The GDPR sets up conditions and rules for consent creation and businesses must follow them to be in compliance with the act.

New rules that apply to obtaining the consent:

  • Consent must be freely given, specific, informed, and unambiguous.
  • Companies must present the consent in easily accessible form that is written in clear language.
  • The consent can’t be inferred from silence, visiting, or continuing to browse a website. It also needs to be separated from other terms and conditions. The user must complete an affirmative action. The best approach is to require a click on an opt-in box.
  • If you gather information about users via cookies, you should give them the opportunity to accept or reject them.
  • If a user changes their mind, they also must be able to access settings menus to update their preferences.

Personal information collected about users for one purpose can’t be used for a different one.

Travel industry perspective. All airline websites collect email addresses so they can send an e-ticket. Usually, the purpose of acquiring these emails is clear. But airlines must ask for explicit consent again if they want to use this data for email campaigns.

The same applies to hotels: if a user gives consent to collect data to make a hotel booking, the data can’t be used for marketing purposes because consent for such usage wasn’t given. The best way to contact your customers for consent is to include multiple tick boxes for each type of consent you need.

Travel services, from airport parking lots to hotel room bookings, must explain to customers why they are capturing their personal data, who is requesting that data, and who else will have the access to it.

Audit the data you store

As use cases grow in number and personal information is applied across various departments, it becomes difficult to track all the types of information collected. Organize an information audit. This will help analyze what data you have, why you store it, what you want to do with it, and how long you should keep it.

It’s important to determine what consent you have been obtaining for this information. Was it explicit, or not? Do you provide security measures to protect the data from a breach? The  Information Commissioner’s Office  (ICO) – the UK’s independent body created to uphold information rights – has a helpful checklist on its website for companies to assess how well they are prepared for the GDPR rules.

Booking.com, the largest flight and accommodation OTA, collects a broad spectrum of personal details, including names, travel purposes (leisure or work), travel with children, emails, payment data, etc.

The Regulation requires communicating clear purposes of information use. To achieve that, travel companies – especially those collecting data for sophisticated personalization – must organize an information audit.

Review existing contracts

Massive data exchange via  APIs  is common practice in the travel industry. One of the most important steps for wholesalers today is to upgrade contracts in place that contain the provision about protection of individual rights. Companies should understand how their partners inform data subjects about the transfers they make.

OTAs send personal data to hotels, other accommodation providers, car rental services, and airlines that may be within or beyond the EU, but still render services to EU citizens.

On the other hand, if your partners purchase the data from you, they must explain how they plan to secure and keep it up-to-date as well as explain to individuals where and how they have obtained the data.

Be ready to respond to user requests

According to regulation rules, all users have the right to ask companies to:

  • List the data stored with them;
  • Define data collection purposes and use cases;
  • Outline the time period for which the personal data will be stored;
  • Send a copy of all their data that is held;
  • Delete the data about them.

Each company is obligated to supply this information and process such requests.

Some of these requests can be addressed autonomously. Virgin America (recently purchased by Alaska Airlines), for instance, allows for deleting some part of personal information via an individual user profile.

Source: Alaska Airlines

Travel companies also need to ensure they can control the process of data deletion by third parties with access to existing information. For instance, when users book a trip, a travel portal transfers the information to a hotel or car rental provider.

Adapt your personalization processes

Most marketing processes in online travel agencies are based on  user experience personalization . The GDPR gives companies an opportunity to stop spamming their users, delivering more explicit, valuable personalization instead.

If we look at the regulation requirements from the travel standpoint, it could be considered a new opportunity to personalize. Holiday offers, low-cost airline tickets, or comfortable hotel service suggestions motivate people. Most customers are interested in sharing their personal data to have better and more personalized service as a result.

If travel companies manage to introduce clear communication and allow travelers to shape promoted travel offers, there will be a real value in meaningful and up-to-date personalization.

Appoint a data protection officer


According to the GDPR, organizations must appoint a data protection officer  (DPO)  in some circumstances. Specifically, the appointment of a DPO is mandatory when:

  • The organization is a public authority or body.
  • The organization engages in regular and systematic monitoring of individuals on a large scale, for instance, online behavior tracking.
  • The organization engages in large-scale processing of special categories of data (sensitive personal data) or data relating to criminal convictions and offenses.

There is no exception for small and medium-sized companies. However, each EU country can individually determine the other cases in which they must appoint a DPO.

The DPO could be an existing staff member who takes the responsibility for data protection compliance or companies can hire an external expert for this role.

If you run a local tours service that doesn’t collect any personal data besides emails and you don’t systematically face European tourists, it’s likely that you don’t need a DPO just yet. However, if you operate an OTA that processes global user data, a DPO is necessary.

Enable data breach notifications

Ensure that you set up the right procedures to effectively detect, report, and investigate a personal data breach. According to the GDPR, companies should report certain types of data breach to the Information Commissioner’s Office within 72 hours. If the breach can directly affect people’s rights and freedoms, individuals must be notified as well.

As OTAs, hotels, and airlines collect and store a great deal of identifying personal data, from names to children’s information, ensuring the right response to breaches becomes critical.

Give users access to the personal data you stored about them

The data subject shall have the right to receive the information from the controller regardless of whether his or her personal data is processed. You should be able to provide users with access to their personal data and information about how this personal data is being processed.


Foursquare succeeds at communicating the purposes of data use and providing control over personal data.

Partly, this requirement can be met by introducing special privacy sections in user account settings. Similar to the Foursquare example above, users can have access to data categories and must be able to turn on or off some data collection processes.

If the user requests, you must also be ready to provide an overview of the data categories being processed and the copy of actual data. Whether personal data is shared with other companies or transferred to a third party, you must provide detailed information to the data subject about these processes.

Ensure portability of the data you store

The data subject can ask to transfer his or her personal data from one electronic processing system to another. You must be ready for such requests. The data must be provided in a structured and commonly used electronic format. This enables other companies to use the data. The data must be provided free of charge.

Users also have the right to request transmission of the data directly to other organizations. However, this doesn’t mean you should adapt your processing systems to be compatible with other organizations.

If you operate a hotel business, it’s likely that you store personal data in a property management system. Be sure your software can export data in csv or xlsx.

It’s crucial for your company to comply with the GDPR. Regulation compliance is a complicated issue that all company employees must support. To initiate changing of processes for compliance with new rules, your company’s top managers must understand the importance of the GDPR and how it will influence your business so that they can be proactive.

While the GDPR will definitely affect almost all travel industry players, it could be an opportunity rather than a threat. It nudges travel businesses to build trustful relationships with customers providing valuable propositions to them.

To build such relationships you must ensure that your customers understand why the data is collected. And, remember, they are likely to provide more data to get better personalization. If you use the collected data effectively, your customer will receive more personalized propositions and as a result, be motivated to make the purchase.


COMMENTS

  1. Complying with GDPR: Are you a 'controller' or a 'processor?'

    It contains an Example No. 7, which states, "A travel agency sends personal data of its customers to the airlines and a chain of hotels, with a view to making reservations for a travel package.

  2. PDF Corporate Traveller's role as data controller for purposes of the

    as a controller The GDPR imposes substantive risks and obligations on data controllers. When outsourcing their corporate travel, by contracting the services of an expert travel management company that operates as an independent controller, our clients benefit from the fact that these risks and obligations are necessarily assumed by CT.

  3. How to Comply with GDPR: Recommendations for Travel Industry

    The GDPR applies to the personal data processing by the controller or processor establishment in the European Union, regardless of whether the processing takes place in the Union or not. Ultimately, the change applies to almost all travel companies that offer products and services in Europe and process personal data of EU citizens as well as ...

  4. Guidelines 07/2020 on the concepts of controller and processor in the GDPR

    Guidelines 07/2020 on the concepts of controller and processor in the GDPR. 7 July 2021. Final version See the First version of this publication drafted before public consultation. Guidelines 07/2020 839.6KB ... (GDPR) 3 June 2024. Publication Type: Opinion of the Board (Art. 64)

  5. PDF UPERVISOR

    considered as a separate controller. In that example, a travel agency sends personal data of its customers to an airline and a chain of hotels for booking purposes. The travel agency, airline ... of personal data on behalf of the controller within the meaning of the GDPR and the Regulation. In practice, services in which the processing of ...

  6. PDF Corporate Traveller's role as data controller for purposes of the

    with specialisation in the travel industry. Defining controllers and processors personal data, as well as the purpose or outcome under GDPR The roles of controller and processor are defined within Article 4 GDPR. A controller is an individual or entity which alone or jointly with others determines the purposes and means of the processing of ...

  7. We examine how GDPR impacts the travel industry

    In brief, GDPR covers the personal data privacy rights of citizens of the European Union and European Economic Area. It touches on a range of topics, including. What counts as personal data, People's right to be forgotten, or demand the deletion of their data, and. People's right to request their personal data from the companies that store it.

  8. Understanding the New GDPR for Travel Companies

    The GDPR sets rules relating to the protection of people's fundamental rights and freedoms regarding the processing of personal data. Under the European Charter of Fundamental Rights Article 8 (1), the protection of natural persons with regard to the processing of personal data is a fundamental right. Prior to the GDPR, this right was ...

  9. Understanding GDPR and what it means for your travel programme

    GDPR is just one data law; more will follow from non-EU countries. GDPR could also see the emergence of a new stakeholder into travel management. The boardroom could be very crowded once procurement, HR, and IT are joined by a new army of Data Protection Officers (DPOs). Over 75,0002 will be needed worldwide to police the GDPR - 28,000 in ...

  10. What do travel companies need to know about data protection?

    Blake Morgan has a number of experienced lawyers able to deliver succinct and pragmatic advice to travel companies, and individuals, on the topic of data protection. Our services include: • Advice relating to data protection and GDPR compliance. • Dealing with data breaches and breach notifications. • Data protection impact assessments ...

  11. How Will GDPR Impact the Travel Industry?

    Travel companies have to work in line with those conditions for compliance purposes. The GDPR rules that govern how companies should obtain consent state that: Consent must be freely given, specific, informed, and unambiguous. Companies must present the consent in an easily accessible format, written in clear language.

  12. GDPR and the Travel Agent

    GDPR Tips for the Travel Agent. You know what they say: do something good for a customer and they'll tell about 5 people. Do something bad, however, and they're more likely to tell 25! So, when it comes to safeguarding people's personal and sensitive data, it's worth getting it right. Otherwise, they can tend to get a little, well ...

  13. What is GDPR and How Does it Affect the Travel Industry?

    General Data Protection Regulation, or GDPR, gives EU consumers the right to know, understand, and consent to the data companies that collect data about them was an EU legislative change that came into effect back in May 2018. GDPR aims to give control to citizens and residents by unifying the regulation within the EU.

  14. How to Comply with GDPR: Recommendations for the Travel Industry

    Compare this penalty amount with the corresponding data breach in 2012, which can be considered a major one as 1,163,996 debit and credit card records were stolen from a travel agent. Back then ...

  15. EDPB publishes draft guidelines on controllers and processors

    A travel agency, airline provider and hotel chain. share data for reservations purposes and ; b. set up a common internet platform with the common purpose of offering package travel deals. ... Processors take note: the absence of a DPA would not constitute a breach of the GDPR by the controller alone. The processor would also be non-compliant ...

  16. EU's New General Data Protection Regulation Will Impact U.S. Travel

    On May 25, the new European Union General Data Protection Regulation (GDPR) will take effect. The stated purpose of the regulation, which has the force of law in the EU, is to protect the data of ...

  17. Data Privacy and the Travel Sector

    Data has been described as the lifeblood of the travel industry, as without it the sector could not function (Xiang et al. 2015). On the front end, detailed, topical, and accurate data is needed to allow customers to choose between the myriad of options available to find the travel product most adapted to their needs (Bilgihan and Bujisic 2014), while on the back end, detailed personal ...
