5 January 2018
Guest Post: Don’t Believe Everything You Read About the Impact of GDPR on Travel
In Travolution, Charlotte Lamp Davies, VP of Travel and Hospitality at DataArt UK, sheds light on what GDPR really means for travel businesses, presenting data to reconcile the fears of maximum possible repercussions against practical realities.
“The ICO has the authority to impose fines of £17 million or 4% of turnover allowed under GDPR. Many articles have stated GDPR will therefore automatically cripple any company found guilty of a breach. However, UK Information Commissioner Elizabeth Denham says these are the maximum fines and would only be imposed on companies that are repeat offenders, that don’t play fair by the new rules.
At the TTI forum, technology lawyer Dai Davis noted the ICO fined only 13 companies last year, with an average fine of £100,000. Data security breaches were reported by 1,950 organisations.
We’ve also seen headlines stating that all data breaches must be reported to the ICO. That’s not strictly true. As Denham states, only those personal data breaches that are likely to result in a risk to people’s rights and freedoms must be reported. And individuals need only be contacted if this is the case too – examples include discrimination, damage to reputation, financial loss, or any other significant economic or social disadvantage. As she says: ‘Tell it all, tell it fast, tell the truth’ – and you’ll be fine.”