Previous Story
GDPR: What Greek Travel Agents Need to Know About EU’s New Privacy Law
Posted On 22 Mar 2018
Comment: 0
Tag: c81087c, data privacy, Data Protection Impact Assessment (DPIA), Data Protection Officer (DPO), data protection rights, electronic data protection system, EU privacy law, EU Privacy Regulation GDPR, European directive on personal data, Federation of Greek Travel Agencies, FEDHATTA, GDPR, General Data Protection Regulation, General Data Protection Regulation (GDPR), Greece tour agents, Greece tour guides, Greece tourism, Greece travel, Hellenic Association of Travel & Tourist Agencies, l1938l, tourism Greece, travel and tourism
As of May 25, a new privacy law known as General Data Protection Regulation or GDPR will take effect across the EU restricting how personal data is collected and handled by public or private companies, organizations, services, banks, insurance companies, hospitals and hotels.
The GDPR aims to ensure that users know, understand, and consent to the data collected about them while fine print and other online tactics will not be allowed giving consumers the upper hand.
Before the law takes effect, Greece’s travel agents had the chance to learn more about the requirements during a day event organised by the Federation of Hellenic Associations of Tourist & Travel Agencies (FedHATTA) for its members on Tuesday.
According to the EU regulation, companies must be clear and concise about the collection and use of personal data, including the identification of an individual – identity card, passport, name, photo, credit card details, VAT ID, home address, location data, IP address, and personal preferences. GDPR also foresees stricter conditions for collecting “sensitive data” such as race, religion, political affiliation, and sexual orientation.
During the event, emphasis was placed on the responsibility of each company to adhere to the new regulation which affects tour agencies in large part due to personal data collection of their clients. Companies will now have to explain why the data is being collected and whether it will be used to create profiles for future use.
Violation of the law carries penalties of up to 20 million euros.
In the meantime, to ensure adherence, the Hellenic Data Protection Authority will carry out inspections. Companies will be accountable should there be a leak of information, and must have an electronic data protection system in place to address the issue.
Companies will also be required to keep records of all processed personal data and are advised to designate a Data Protection Officer (DPO).
For more information on the GDPR, press here.
