“GDPR, although costly, will increase the seriousness with which data is handled”
robust and secure travel service value chain for corporates, travellers and service providers.”
Yet many companies are unsure about what they need to be doing to prepare for GDPR. There’s a myriad of surveys showing how unprepared companies are. The practical scope and potential implication for this legislation are also still in debate involving regulators, trade bodies and privacy lawyers.
The Institute of Travel Management (ITM) says it is in the process of speaking with its members and Industry Affairs Group to establish their position on GDPR. Greeley Koch, executive director of the Association of Corporate Travel Executives (ACTE), says: “We’re reaching out to the ACTE community to better understand how the GDPR is directly affecting them and the steps they’re taking to implement it, as well as provide a platform for suppliers and travel executives to share dialogue, knowledge and best practices in a complicated international regulatory environment.”
The task is not to be underestimated. At least 75,000 new data protection officers (DPOs) will be needed worldwide in the coming years in response to this EU law, according to the International Association of Privacy Professionals. In total, 28,000 DPOs will be needed in Europe and the US alone.
It is increasingly apparent that GDPR compliance needs a holistic and integrated approach. This involves many stakeholders, processes and technology, all of which need to talk to one another. One travel manager said that they thought it was not their issue but that of their IT department. But this is not the case.
Travel managers and suppliers, IT, privacy, digital protection officers, the board, business and security professionals must all get involved and take a proactive approach if companies are to be compliant. Certainly, people need to act less in silos and realise everyone has a vested interest to make information governance work. In many ways, who owns the issue is the issue – and with this new legislation, it is everyone.
“I think that GDPR, although costly and onerous, will definitely increase the seriousness with which data is handled,” says Boatwright. “I believe that as this legislation settles, a market will grow around it to provide tools to make dealing with it easier and more accessible.”
There’s no doubt that the business of data will never be the same again and now the clock is ticking down to May next year.
Q&A with ABTA on GDPR
BBT spoke with SIMON BUNCE, director of legal affairs at the Association of British Travel Agents about this new regulation.
What issues does GDPR raise for the managed travel sector?
We can expect everyone to demand higher levels of security and compliance following the introduction of the law and any perceived weakness in this area will damage trust. The biggest priority now is having a good awareness of this EU regulation and having the organisational capacity to start making changes in time for its introduction in May next year.
What is involved exactly?
We are directing people to the ICO’s 12 steps to take guidance document. We’re raising awareness about the data that organisations hold and why they have it; how they protect it; how long they hold it for; and what they tell the data subjects about the data they hold.
What do the changes mean for business travellers and their data?
The ICO has referred to ‘surprise minimisation’ as being watchwords for companies that deal with personal data – people should not be surprised that you have their data or how you use that data. These are good principles for companies to adopt and they require all parts of the business to have a deep understanding of why data is held and how it can be used.
What are the consequences of GDPR as a law in terms of trust and accountability?
You need to have confidence that data is held securely and used only for the purposes necessary for the agreed services. This will be increasingly important to all business customers. The wider picture of GDPR is reassuring customers to trust your brand; if data protection and security is handled badly, it can be very damaging to a brand.
Everyone in the travel supply chain will have a higher risk profile. How can this be managed?
The contracts that sit behind the travel supply chain will need to be reviewed to ensure that they provide sufficient protection for the data that passes along that chain. Having effective contractual controls, as well as monitoring processes to ensure compliance will be a necessary part of travel contracting.
BBT July/August 2017 57