From May next year, the General Data Protection Regulation (GDPR) will go into effect in the European Union.
The purpose of the regulation is to further harmonise national data protection laws across the EU, strengthen the obligations on those who use personal data, and enhance the rights of individuals.
The GDPR will apply to every company processing personal data of EU citizens, not just those inside the EU. Non-compliance will lead to fines of up to €20m (R284m) or 2-4% of global turnover, whichever is greater.
Under the GDPR, individuals need to give unambiguous and informed consent for their data to be processed. It also affords individuals the ‘right to be forgotten’ and the right to access their personal data.
European Labour Lawyer Dr. Jan Tibor Lelley told ASATA that South African travel agents offering services in the EU, will also need to comply with the GDPR from May 2018 onwards.
To comply with the new regulations, Dr Lelley says South African travel agents should keep in mind the following:
Limit amount of data to possible minimum and ensure that data is not made public.
Delete person data if the individual requests this (right to be forgotten).
Take appropriate measures to avoid data breaches, e.g. IT security concepts etc.
Report data breaches to data protection agency.
Collect, store and process personal data only after the individual did expressly consent.