For many years now, cybersecurity has been a primary concern of government organisations and the banking sector, but the hospitality and travel industry is beginning to acknowledge the importance of online security in its day-to-day operations.
Each travel operator, hotel or transport company handles all kinds of sensitive data on its customers, as well as its own staff and suppliers. The consequences for organisations that experience online data breaches are now more severe than ever before. For instance, if a travel operator is hacked, leaking thousands of personal addresses of customers, it faces significant financial, legal and reputational ramifications. The loss of customer confidence in the operator and the legal costs of any resulting identity theft would hit any travel operator, big or small, right where it hurts – the profit and loss sheet.
As businesses within the travel and hospitality sector grow, so too does their global footprint of sensitive data. There is an increasing need for these brands to maintain the privacy, integrity and security of all personal information that is in their care. A sure-fire data security 101 tip is to implement a robust user rights management hierarchy. This can help to control the level of sensitive data an individual can access in line with their seniority within the organisation as well as their job description. It requires travel companies – particularly those with global workforces – to keep a tight rein on their user rights systems and remove dormant accounts belonging to users who may have left the company, mitigating the possibility of any revenge attacks. Organisations should also closely monitor and audit their employees’ data usage to pinpoint any signs of access abuse, which is not always malicious but can still have ramifications for the company even when it is unintentional.
The major elephant in the room for travel and hospitality brands operating in and out of Europe is the impending European regulation designed to safeguard customer data. The new General Data Protection Regulation (GDPR) has been devised by the European Union (EU) and will come into force next year. Although GDPR is aimed at giving the average consumer or holidaymaker greater control over how their personal data is used and stored, it also gives travel and hospitality organisations greater clarity about data protection law, creating one set of rules across the entire single market.
Under the GDPR rules, travel and hospitality firms that fail to comply in time for 25th May 2018 could experience hugely damaging financial penalties that could plunge brands into difficult times, perhaps even closure. The upper limit penalty for non-compliance will be €20m or 4% of an organisation’s annual global turnover, whichever is greater. GDPR will affect all kinds of departments within travel firms, from legal and compliance teams to IT and marketing divisions. Those within the travel and hospitality industry must therefore take the protection of customer and employee data as seriously as their revenue.
Regular security audits, increased encryption of data and watertight password control are no longer things that can be ignored. The same goes for lawful marketing campaigns and privacy policies, and teams should be educated and briefed on how to handle a data breach if – and when – the time comes. Travel professionals handle more data than you realise, and meeting those new obligations will not only keep brands on the right side of the law but also increase consumer confidence and strengthen brand reputation overall.