As of May 25, a new privacy law known as General Data Protection Regulation or GDPR will take effect across the EU restricting how personal data is collected and handled by public or private companies, organizations, services, banks, insurance companies, hospitals and hotels.
The GDPR aims to ensure that users know, understand, and consent to the data collected about them while fine print and other online tactics will not be allowed giving consumers the upper hand.
Before the law takes effect, Greece’s travel agents had the chance to learn more about the requirements during a day event organised by the Federation of Hellenic Associations of Tourist & Travel Agencies (FedHATTA) for its members on Tuesday.
According to the EU regulation, companies must be clear and concise about the collection and use of personal data, including the identification of an individual – identity card, passport, name, photo, credit card details, VAT ID, home address, location data, IP address, and personal preferences. GDPR also foresees stricter conditions for collecting “sensitive data” such as race, religion, political affiliation, and sexual orientation.
During the event, emphasis was placed on the responsibility of each company to adhere to the new regulation which affects tour agencies in large part due to personal data collection of their clients. Companies will now have to explain why the data is being collected and whether it will be used to create profiles for future use.
In the meantime, to ensure adherence, the Hellenic Data Protection Authority will carry out inspections. Companies will be accountable should there be a leak of information, and must have an electronic data protection system in place to address the issue.
Companies will also be required to keep records of all processed personal data and are advised to designate a Data Protection Officer (DPO).
For more information on the GDPR, press here.