Travel and Leisure

This industry is particularly prone to breaches of the DPA legislation due to its nature, format, the multitude of administrative systems utilised and the sheer amount of personal information processed.

Travel & Leisure GDPR Services

The travel and leisure industry is one of the industries in which personal information has always played a big role. Imagine the information that is available to a hotel regarding a specific guest who comes to the hotel.

Information is collected not only directly from guests, but also through  third parties (travel agents) and other booking sites. High volumes of personal information is processed including a large number of payment card and / or loyalty card details. Specifically, the data used in this sector can have a major impact on guests if something happens to it, fraudulently or by accident.

The vast amount of (sensitive) personal information and also the fact that the data is constantly in transit, makes the travel & leisure industry a prime candidate of falling foul of the GDPR legislation.

  • Travel Agents
  • Airlines
  • Hotels
  • Event Spaces
  • B&Bs

Are you prepared in the following areas of the Data Protection Act 2018 (GDPR)?

You must have a good awareness of the following:
Awareness / Training

It is vital that decision makers and key people in your organisation are aware of and understand the impact that The Data Protection Act 2018 (Inc GDPR) will have on the business and employees.

CCTV Domestic - Business

If your CCTV system captures images of people outside the boundary of your business property the Data Protection Act 2018 will apply to you.

Communicating Privacy Information

When you collect personal information, you have to give people certain information in return, your identity, how the information is used, explain the lawful bases for processing the information, retention periods and that individuals have the right to complain to the ICO.

Data Breaches

Procedures should be adopted to effectively detect, report and investigate a personal data breach. Depending on the type of breach, you are required to notify the ICO and the individuals effected.

Data Limitation (Retention)

You must not keep personal information for longer than is necessary. If the business no longer needs the information the individuals has the right to erasure (deletion).

Knowledge Centre Articles

GDPR - Hotels
Hotels
Read More
GDPR Self Employed
Guide for the Self Employed
Read More
GDPR and Brexit
GDPR and Brexit questions
Read More

GDPR WATCH

Decathlon - Data Protection - Breach - Retail

Decathlon, which has outlets in 49 countries globally, has reported a data breach that impacted 123 million records which incorporated unencrypted passwords.The breach was first noticed 12 February, 2020.As the breach falls under the remit of the European Union’s General Data Protection Regulation (GDPR) the fine sanctioned could be as high as 4% of annual global revenue for 2018, which equates to €500 million.

Decathlon - ongoing investigation

Sports retailer Decathlon, which has outlets in 49 countries globally, has reported a data breach that impacted 123 million records which incorporated unencrypted passwords.

The breach was first noticed 12 February, 2020.

As the breach falls under the remit of the European Union’s General Data Protection Regulation (GDPR) the fine sanctioned could be as high as 4% of annual global revenue for 2018, which equates to €500 million.

Making it easy Limited - Retail

Retail and Manufacture

Making it Easy Ltd has been fined £160,000 by the Information Commissioner’s Office (ICO) for making spam calls to people registered with the Telephone Preference Service (TPS).

The ICO has also issued an enforcement notice to Making it Easy Ltd ordering it to stop its illegal marketing activity.

Dannyelle Shaw - Local Government

Social Services

A former Reablement Officer at Walsall Metropolitan Borough Council has been prosecuted for accessing social care records without authorisation.

An internal investigation by the Council found that Ms Shaw had inappropriately accessed the social care records of 7 adults and 9 children without any business need to do so.

Dannyelle Shaw of Bloxwich, Walsall, appeared before Wolverhampton Magistrates’ Court and admitted one offence of unlawfully obtaining personal data, in breach of s55 of the Data Protection Act 1998. She was sentenced to a fine of £450, ordered to pay costs of £364 and a victim surcharge of £45.

REVIEWS

MLR Career Step

"From our first meeting to the delivery of all policies, documentation and improvements to business procedures, the process was very simple and painless. After the initial information gathering meetings TWI handled all the production, answered all our questions we had clearly and promptly and importantly to ourselves kept to their plan and timeframe for compliance "completion".

"We did utilise TWI for further training and general awareness for all staff of the business, vital in relation to subject access requests"

MLR Career Step, Professional Recruitment

Our Client Reviews

"From our first meeting to the delivery of all policies, documentation and improvements to business procedures, the process was very simple and painless. After the initial information gathering meetings TWI handled all the production, answered all our questions we had clearly and promptly and importantly to ourselves kept to their plan and timeframe for compliance "completion".

"We did utilise TWI for further training and general awareness for all staff of the business, vital in relation to subject access requests"

MLR Career Step, Professional Recruitment

2nd Review goes here

Talk to us about Compliance

Contact us to get started!

TWI is an experienced provider of the Data Protection Act 2018 (GDPR) and (PECR) compliance services. Experienced in dealing with SME's and from Charities to large FTSE 100 Organisations.
At TWI we give honest, straight forward and independent advice that helps customers navigate an increasingly complex and regulated digital business world.     

We provide a clear business plan to compliance, with a flexible and cost-effective approach that suits all sizes of organisation. With almost 30 years’ experience at the heart of the rapidly evolving business environment, TWI has established a position as a leading advisor to high profile clients from the private & public sectors, including retail, professional, financial and leisure organisations.

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form

Call us

You can reach us on weekdays on: 
07857 342875

eMail us

Mail us directly on our email: info@twigdpr.co.uk

LinkedIn

Connect with us directly on our LinkedIn channel: @twigdpr.co.uk