Ai Editorial: Why having a core data asset isn’t enough?

First Published on 6th April, 2018

Ai Editorial: In the wake of recent concerns related to data privacy or even ongoing cases pertaining to a breach, leak or attack on personal data, it is imperative for travel companies to take a stringent action, writes Ai’s Ritesh Gupta

 

The significance of a company-owned core data asset can’t be undermined, but this also means there is an additional onus on travel companies to look at critical areas, be it for privacy of customers, data privacy laws or even the action that needs to be taken in case there is a breach, leak or attack on personal data.

This would be a key topic of discussion at the upcoming 12th edition of Ai’s Ancillary Merchandising Conference, slated to be held next week in Edinburgh, Scotland. Considering the recent incidents such as the fiasco featuring Facebook and Cambridge Analytica or The General Data Protection Regulation or GDPR (the deadline for compliance is May 25th, 2018), travel companies have to ensure they abide by data protection rules across Europe or other parts of the world.

Getting the basics right

Here are some of the areas that need to be taken care of:

Responsibility towards travellers: Travel companies need to provide consumers with control over how their data is used. It is time travel companies find ways to request, receive and capture customer consent to the use of their personal data.

In fact, in case of the GDPR, coverage of legal bases must feature a “freely given, specific, informed and unambiguous consent by clear affirmative action”, and also a right to withdraw consent, which must be brought to their attention. In case of GDPR, there is a need for explicit and informed consent from EU residents for collecting and using their personal data.

In case of a customer data platform, as we highlighted in one of our recent articles, travel companies need to be aware of registered consent when accessing customer data (so data coming from any touchpoint and system, the related computation or processing of data is to be done in sync with consent, assess how the data is being used, what data is being used and for how long that data can be used), address data audits in a speedy, exhaustive manner (say who has been accessing data) and ensure there is consent across all touchpoints (including integration with consent registration databases). The core data asset, say a customer data platform, needs to collect, manage, and store personal data responsibly. This is where the upcoming regulation, GDPR, comes in.

(Hear from experts about GDPR at the upcoming Ancillary Merchandising Conference, to be held in Edinburgh, Scotland this year (9-11 April, 2018). For more info, click here)

Understanding the responsibility as an enterprise: Other than consent, organizations need to assess several other areas. And here also, GDPR, is an apt benchmark to assess the preparedness.

  • What is the definition of personal data?
  • Who all are liable, for instance, GDPR extends liability to all organizations that touch personal data.
  • Understand the implications of being checklist for data controllers and data processors. What’s the checklist? For instance, as explained in the GDPR, controllers have to adhere to compliance measures to cover how data is collected, its use, the tenure for which the same is going to be retained and making sure consumers have a right to access the data held about them. As for data processors, controllers must bind them to certain contractual commitments to ensure that data is processed safely and legally.   
  • Processing must be paused if objection is raised by an individual.
  • What is an organization is probed/ summoned/ asked to perform a data audit for a specific customer?
  • How can a customer data platform help in making the most of the available data while complying with both the contractual and technical challenges posed by GDPR?

 

Other recent articles on GDPR:

Ai Editorial: As trust around “personal data” wanes, hopes hinge on a stringent regulation

Ai Editorial: How is your GDPR transformation process coming along?

 

 

 

 

 

 

 

Editorials

  • Ai Editorial: A methodical approach to digitalization – how to achieve tangible results? +

    First Published on 17th July, 2018 Ai Editorial: Team effort and an iterative and phased approach have stood out in the way the likes of JetBlue, Lufthansa and Ryanair have Read More
  • Ai Video: Is technology inhibiting the UX of airlines’ digital assets? +

    First Published on 13th July, 2018 Majority of airlines are not agile enough and most are not willing to fail fast, thus they will always be behind until they change their Read More
  • Ai Editorial: Selling via a digital retail platform - how Ryanair is setting a new benchmark in travel? +

      First Published on 10th July, 2018 Ai Editorial: Why selling via a digital retail platform is an attractive proposition? Airlines can learn from Amazon about how to leverage economies Read More
  • 1
  • 2
  • 3
  • 4
  • 5