From 25 May, the GDPR will affect how businesses collect, use, manage and store their customers’ and employees’ personal data. ABTA says that while many companies have already ensured they will be compliant with the new rules, some still have some steps to take before the deadline.
The association warns that any businesses that haven’t done so yet should take three important steps within the coming weeks and months: review the data they hold and how they handle it, understand the requirements of GDRP and if their procedures meet them, and update their privacy statements to ensure transparency on how they use data.
Non-compliance carries a fine of up to £17 million or 4 per cent of turnover, but ABTA says a mark against businesses on GDPR also has other impacts such as loss of goodwill, employee trust and negative publicity.
Simon Bunce, director of legal affairs at ABTA, said: “The GDPR is an evolution in the way that data is protected, rather than a revolution. The biggest priority now is knowing what GDPR means for their businesses and having the organisational capacity to start making changes in time for its introduction in May.
Rhys Griffiths, partner and head of travel regulation at Fieldfisher, added: “It’s not too late to make these changes to help your business be compliant with the GDPR and those which have processes and policies in place to adhere with the Data Protection Act will find that there is a lot of existing resource which can be re-utilised for GDPR compliance purposes. It’s also important to remember it will be an ongoing process, rather than a race to 25 May.”
ABTA has produced resources for members to help them prepare for GDPR and is also pointing businesses toward the ICO’s 12 steps to take guidance document.