With strong penalties expected for companies that don’t comply, the travel industry is gearing up for new data regulation, which comes into effect in May next year. Senay Boztas reports

May 25^th next year is a momentous day for Europe. It’s not a royal wedding, but the day that a new piece of legislation comes into effect.

The General Data Protection Regulation (GDPR) is a law that strengthens and unifies data protection across all 28 EU countries. Among other things, it means that EU residents have control of their personal data and increases the definition of ‘personal’ to include things like an IP address. People can ask for personal information relating to them to be deleted, and have to give explicit consent for data to be collected and used. The fines for non-compliance are up to €20 million or 4% of global turnover.

At EyeforTravel’s co-located data summit and digital strategies conferences last week, travel companies that have been collecting customer data to personalise their offers and drive sales, revealed how they are responding.

Amer Mohammed, head of digital innovation at the ferry operator Stena Line, said that it is “accidentally on the way to solving this problem” via its digital strategy.

Stena Line - “accidentally on the way to solving this problem"

He explained: “We want to be the world’s first cognitive ferry operator – fully assisted by artificial intelligence by 2021 and we need all data in one place, accessible to all. When we move all data in one place, after we clean it, we split it: one to Pluto marketing, one to Pluto analytics." 

“In the marketing you have personal data where you can identify the individual, in the second we have anonymous, aggregated data. If a customer asks us to delete their data, we only delete the first one. The second we use to get to know our customers.”

The Stena Line data scientist team is working on this, he said, while the firm has also solved the issue of ensuring that people opt in to any marketing contact, by proposing joining its loyalty programme.

“A customer has to explicitly say they want in or out,” he said. “This is where the loyalty programme comes in and why companies are forcing people to be part of their loyalty programme. We are going to try to use computer vision enabled payment, cameras that identify you and charge you when you pick something up. [Customers] have to be part of a loyalty programme.”

He added, joking about the strength of the penalties for breaking the new directive: “Otherwise it’s Guantanamo, if you do something without their consent!”

Data legislation doesn’t have to be cumbersome

Ignacio Longarte, a strategic advisor on the digital value chain for multinational companies, said others are taking a similar line. “This is a smart approach and technology companies I’m working with have dynamic masking of information,” he said.

But, he added, data legislation doesn’t just have to be cumbersome: patents and copyrights can add value to your company, and actually complying with GDPR should be part of wising up to data management. “Data is more [valuable] than oil – it could have tremendous potential if properly managed,” he said. “Everything is going to be connected and if you don’t have this connection you won’t be able to use artificial intelligence. If you’re able to nurture scientific knowledge with legal R&D, you are going to maximise your value.”