The rules, introduced on May 25, cover the collection of data including names, photos, email addresses, bank details, social networking posts, medical information and computer IP addresses. GDPR replaces the 1995 Data Protection Directive.
Among the changes is a ban on “illegible” terms and conditions and a requirement to inform regulators of data breaches within 72 hours. Benefits for consumers include a right to be “forgotten”, data portability and a ban on fees for those asking to see information held on them.
GDPR will operate in tandem with the Privacy and Electronic Communications Regulations (PECR), which bans marketing emails or texts without consent.
David Moon, head of business development at Advantage, said: “[Members say] they have struggled to interpret the GDPR into practical actions. The changes to marketing practices, specifically relating to consent, have caused confusion, especially when they need to get their head around not just the GDPR, but also PECR and how the two work with each other.”
The Travel Network Group (TTNG) chief executive Gary Lewis said GDPR was a “mind change”, but added: “Customers will drive issues rather than the regulators, to begin with.
“Members should not be worried about the regulators at this stage, but about how they deal with customers if they ask to be removed from their database – how they ensure that happens and how they can demonstrate that policy if asked.”
He added: “It’s not as scary as they might perceive it to be.”
TTNG is staging a series of GDPR seminars led by specialist accountants Moore Stephens.
Advantage has also held seminars, prepared business travel and leisure case studies and has a
Facebook group. It offers members a cyber security and privacy insurance on the consequences of a data breach.
Cherie Richards, commercial director, The Global Travel Group, said: “We have been sharing advice and guidance with our members for some time. At one of the recent Global Gathering events held for members at venues across the UK, we held a Q&A session to ensure members are GDPR ready.”
