Over a quarter of managers will be employing the services of a Travel Management Company to protect their travelling staff’s personal data after the General Data Protection Regulation (GDPR) comes into force on 25-May-2018, according to new findings from ABTA – the Travel Association.
The research, conducted for ABTA by Censuswide, looks at the steps businesses will take to protect staff’s data when travelling for work, with 28% saying that they will employ the services of a Travel Management Company and ensure all travel is booked only with agreed suppliers within the travel policy.
“Properly prepared TMCs have an incredibly important role to play with businesses looking to them to help protect their data – and it also creates a great business opportunity too,” says Susan Deer, senior solicitor at ABTA.
With almost a third (32%) stating that they don’t know what steps they will be taking to protect their travelling staff’s data, ABTA notes that there is an opportunity for TMCs to demonstrate that they can help to provide this protection.
When asked what criteria they used when selecting a TMC, 90% of managers stated that it was very important or important that they were confident a TMC had the correct processes and systems in place to manage data.
GDPR is a European regulation that will require companies to have clearer and more robust processes in place when handling personal data relating to their customers, their staff or other persons who come into contact with their business. It will impact how businesses collect, use, manage and store their customers’ and employees’ personal data.
This is particularly important for the travel industry where there are often multiple uses for data and multiple channels for collecting it too. Similarly, travel companies collect and share customer information with suppliers, often overseas, for booking purposes, so businesses will have to review existing contracts with third-party suppliers.
Breaches of the GDPR could affect an organisation’s brand through negative publicity and it could also lead to criminal proceedings. The consequences of non-compliance with the new GDPR could mean fines of up to EUR20,000,000 or 4% of annual turnover.
A new key principle in GDPR is accountability – it’s no longer enough to comply with data protection laws, businesses must demonstrate how they meet the new regulation. However, Simon Bunce, director of legal affairs at ABTA says GDPR “is an evolution in the way that data is protected, rather than a revolution”.
GDPR is described by the European Union as the most important change in data privacy regulation in 20 years and replaces the Data Protection Directive 95/46/EC. After four years of preparation and debate, the GDPR was finally approved by the EU Parliament on 14-April-2016 and is designed to harmonise data privacy laws across Europe.