In just over a month, the European Union’s General Data Protection Regulation (GDPR) will come into effect and regulate many US businesses. In the travel industry, we expect that companies that use, whether directly or through a vendor, Artificial Intelligence such as chat bots, behavioral tracking for targeted marketing, and other internet marketing models will be subject to and targeted by these new laws. This is because the regulations protect the data and privacy of any person who is in a EU country. The data that will be protected includes items those of us in the US do not traditionally see as private including individual’s names and IP addresses—data used every day by nearly every travel company. Data you currently have and store, if not properly purged or otherwise brought into compliance, may cause you to violate these new laws when the clock passes midnight in Europe on May 24th. There is no exception “grandfathering” past collected data.
The penalties against companies who violate these regulations could be dramatic and devastating. In addition to bringing your company into compliance, you should ask your marketing partners and vendors questions such as “What are you doing about GDPR?” “What evidence do you have of compliance?” and “Where is the update to our contracts?”
Here is a link to our data privacy attorneys’ overview summarizing the GDPR and the actions we recommend taking now.