Ai Editorial: Why having a core data asset isn’t enough?

First Published on 6th April, 2018

Ai Editorial: In the wake of recent concerns related to data privacy or even ongoing cases pertaining to a breach, leak or attack on personal data, it is imperative for travel companies to take a stringent action, writes Ai’s Ritesh Gupta

 

The significance of a company-owned core data asset can’t be undermined, but this also means there is an additional onus on travel companies to look at critical areas, be it for privacy of customers, data privacy laws or even the action that needs to be taken in case there is a breach, leak or attack on personal data.

This would be a key topic of discussion at the upcoming 12th edition of Ai’s Ancillary Merchandising Conference, slated to be held next week in Edinburgh, Scotland. Considering the recent incidents such as the fiasco featuring Facebook and Cambridge Analytica or The General Data Protection Regulation or GDPR (the deadline for compliance is May 25th, 2018), travel companies have to ensure they abide by data protection rules across Europe or other parts of the world.

Getting the basics right

Here are some of the areas that need to be taken care of:

Responsibility towards travellers: Travel companies need to provide consumers with control over how their data is used. It is time travel companies find ways to request, receive and capture customer consent to the use of their personal data.

In fact, in case of the GDPR, coverage of legal bases must feature a “freely given, specific, informed and unambiguous consent by clear affirmative action”, and also a right to withdraw consent, which must be brought to their attention. In case of GDPR, there is a need for explicit and informed consent from EU residents for collecting and using their personal data.

In case of a customer data platform, as we highlighted in one of our recent articles, travel companies need to be aware of registered consent when accessing customer data (so data coming from any touchpoint and system, the related computation or processing of data is to be done in sync with consent, assess how the data is being used, what data is being used and for how long that data can be used), address data audits in a speedy, exhaustive manner (say who has been accessing data) and ensure there is consent across all touchpoints (including integration with consent registration databases). The core data asset, say a customer data platform, needs to collect, manage, and store personal data responsibly. This is where the upcoming regulation, GDPR, comes in.

(Hear from experts about GDPR at the upcoming Ancillary Merchandising Conference, to be held in Edinburgh, Scotland this year (9-11 April, 2018). For more info, click here)

Understanding the responsibility as an enterprise: Other than consent, organizations need to assess several other areas. And here also, GDPR, is an apt benchmark to assess the preparedness.

  • What is the definition of personal data?
  • Who all are liable, for instance, GDPR extends liability to all organizations that touch personal data.
  • Understand the implications of being checklist for data controllers and data processors. What’s the checklist? For instance, as explained in the GDPR, controllers have to adhere to compliance measures to cover how data is collected, its use, the tenure for which the same is going to be retained and making sure consumers have a right to access the data held about them. As for data processors, controllers must bind them to certain contractual commitments to ensure that data is processed safely and legally.   
  • Processing must be paused if objection is raised by an individual.
  • What is an organization is probed/ summoned/ asked to perform a data audit for a specific customer?
  • How can a customer data platform help in making the most of the available data while complying with both the contractual and technical challenges posed by GDPR?

 

Other recent articles on GDPR:

Ai Editorial: As trust around “personal data” wanes, hopes hinge on a stringent regulation

Ai Editorial: How is your GDPR transformation process coming along?

 

 

 

 

 

 

 

Editorials

  • Ai Editorial: NDC 17.2 – is it the solid foundation this standard was looking for? +

    First Published on 17th August, 2018 Ai Editorial: Buoyed by the introduction of version 17.2, IATA’s NDC standard is set to eradicate concerns pertaining to too much flexibility in the Read More
  • Ai Video: Time for airlines to look beyond the “Where to Go?” option +

    First Published on 13th August, 2018 Be it for having a bigger say early on in the booking funnel to targeting the second wallet of the traveller, airlines are looking Read More
  • Ai Editorial: How a cryptocurrency like bitcoin is faring as a payment method? +

    First Published on 8th August, 2018 Ai Editorial: Even as travel ecommerce players closely evaluate what to expect as far as bitcoin is concerned, they also need to consider the Read More
  • 1
  • 2
  • 3
  • 4
  • 5