First Published on 6th April, 2018
Ai Editorial: In the wake of recent concerns related to data privacy or even ongoing cases pertaining to a breach, leak or attack on personal data, it is imperative for travel companies to take a stringent action, writes Ai’s Ritesh Gupta
The significance of a company-owned core data asset can’t be undermined, but this also means there is an additional onus on travel companies to look at critical areas, be it for privacy of customers, data privacy laws or even the action that needs to be taken in case there is a breach, leak or attack on personal data.
This would be a key topic of discussion at the upcoming 12th edition of Ai’s Ancillary Merchandising Conference, slated to be held next week in Edinburgh, Scotland. Considering the recent incidents such as the fiasco featuring Facebook and Cambridge Analytica or The General Data Protection Regulation or GDPR (the deadline for compliance is May 25th, 2018), travel companies have to ensure they abide by data protection rules across Europe or other parts of the world.
Getting the basics right
Here are some of the areas that need to be taken care of:
Responsibility towards travellers: Travel companies need to provide consumers with control over how their data is used. It is time travel companies find ways to request, receive and capture customer consent to the use of their personal data.
In fact, in case of the GDPR, coverage of legal bases must feature a “freely given, specific, informed and unambiguous consent by clear affirmative action”, and also a right to withdraw consent, which must be brought to their attention. In case of GDPR, there is a need for explicit and informed consent from EU residents for collecting and using their personal data.
In case of a customer data platform, as we highlighted in one of our recent articles, travel companies need to be aware of registered consent when accessing customer data (so data coming from any touchpoint and system, the related computation or processing of data is to be done in sync with consent, assess how the data is being used, what data is being used and for how long that data can be used), address data audits in a speedy, exhaustive manner (say who has been accessing data) and ensure there is consent across all touchpoints (including integration with consent registration databases). The core data asset, say a customer data platform, needs to collect, manage, and store personal data responsibly. This is where the upcoming regulation, GDPR, comes in.
Understanding the responsibility as an enterprise: Other than consent, organizations need to assess several other areas. And here also, GDPR, is an apt benchmark to assess the preparedness.
Other recent articles on GDPR: