Protecting consumer data has always been important, but as laws change, your organization has to rethink its practices. If you’re in the business travel industry, then understanding how the EU’s General Data Protection Regulation, or GDPR, works is imperative to your success.
What makes the GDPR so vital for travel companies and corporate travel departments alike? Here’s what to know about successfully navigating the regulatory landscape.
What Is the GDPR?
The GDPR is a landmark 2016 law that’s too lengthy for most people to read through, though most of us are already broadly familiar with it. In brief, the GDPR covers the personal data privacy rights of citizens of the European Union and European Economic Area. It touches on a range of topics, including
- What counts as personal data,
- People’s right to be forgotten, or demand the deletion of their data, and
- People’s right to request their personal data from the companies that store it.
One of the most important aspects of the GDPR is that unlike earlier privacy laws, it explicitly defines several responsibilities for data controllers, or the companies that transmit, store, process and use personal information. Among other things, companies need to ensure that they
- Create systems that intentionally include privacy features by design — not as afterthoughts,
- Maintain GDPR compliance governance systems, and
- Adhere to strict terms when requesting consent to use data.
How the GDPR Directly Impacts the Business Travel Community
Why does all of this matter for business travel booking agencies and corporate travel departments? The GDPR has direct relevance to your operations because, unless you’re living in some funky time warp where nobody uses computers, everything you do depends on the transmission and storage of data. From booking to billing, your organization routinely processes the kind of information that GDPR rules govern.
GDPR Compliance and Your Firm
Compliance can be particularly troublesome for the business travel industry. For instance, suppose you contract with an external partner that provides white-label online booking portals or digital traveler’s insurance policies. The GDPR doesn’t excuse you from responsibility just because someone else is in charge of the technical nitty-gritty — your compliance governance practices must ensure that all of your third-party providers also follow the rules.
Remember that the GDPR still applies even if you aren’t based in the EU or Great Britain. If any of your clients are EU or GB citizens, then you need to comply.
If the scope of the law doesn’t have you convinced, then the potential penalties certainly should. Failing to protect someone’s data or promptly notify them of a breach could cost you as much as $23 million or four percent of your annual net sales.
The Realities of Data Security
One smart way to strengthen your security stance is to consider how data breaches typically occur and focus on defending those areas. Here are some vulnerabilities to watch out for:
- Employee errors are among the most common sources of attacks.
- Unsecured mobile devices and lax bring-your-own-device policies can dramatically increase the chances that attackers might find a way around your defenses.
- Cloud storage companies and other third-party service providers that fail to manage their security properly can expose your entire organization to threats that are hard to detect.
- Malicious attacks account for a significant portion of breaches, and they lead to some of the costliest fallout.
Fortify Your Stance With Trondent’s ProFILER Express
Complying with GDPR is a lot easier when you have the right tools. Trondent’s ProFILER Express is a web-based management solution that helps you follow the rules to better protect your users and clients.
Trondent has always taken data security very seriously and strongly believes in the principles and goals of GDPR. With Trondent, your traveler is always in control of their information. They choose what they want to share, and they retain access to it. The system also restricts its data collection to exclude information that isn’t strictly necessary for travel.
Trondent controls the flow of personal information to keep you compliant with changing laws. Whenever the regulations — or your privacy and security statements — change or are updated, the next time the traveler logs into their profile, the software automatically asks the user for their consent and generates a timestamped record of their agreement. Once it’s in the system, their data only gets synced to known, trustworthy targets such as the third-party providers you’ve vetted. If the traveler wants to be forgotten, their information is erased from all sources simultaneously. Thanks to a comprehensive HR feed system and reporting framework, you always know exactly where you stand and how to tackle problems such as expired documents and inaccurate employee lists.
Business travel is supposed to take you places, not hold you back. Trondent ProFILER Express features secure encryption, efficient breach notification functions and a host of other tools that make it simpler to follow the rules. Explore how a fully GDPR-compliant profile management system can make business travel more secure by getting in touch with a Trondent expert.