CONFERENCE: TTI Summer Forum 2017 – Getting to Grips with GDPR
This week I was at the Travel Technology Initiative's Summer Forum. The subject was the new EU (and UK!) data protection laws. These are due to come into force in May 2018. It's a large topic where the individual member state's laws and guidance are evolving.
There were three main points that I picked up from the presentations. First from Dai Davis, GDPR expert at Percy Crow Davis & Co. His lively presentation talked about how a large part of the change is in how rights communicated. Before this was by "fairness" through registration of usage with a central body. The shift is to transparency by informing individuals directly.
This means that the consumer mindset could then shift to match how legislation is framed. For example, with the repetition of many companies holding personally identifiable information now having to inform what they are collecting and how they are processing it. Currently, awareness isn't high and the compensation not high enough to make it worth pursuing.
The next salient point came from Steve Dobson, IT Security Director, ATCORE Technology. He talked about how the new regulations move more accountability to data processors. So as IT suppliers we need to care more about data controller behaviour as it can comprise us as data processors.
The final point I'd note was that consent is key. Additionally with the rights of subjects to knowing what data is held you need to check that the request is coming from the individual in question. Also that you have the consent from them. This can be an issue on travel bookings. For example, where multiple passengers could request data held on the same PNR.
As a Product Manager for an IT supplier in the travel industry I also picked up some product ideas, but those are for my backlog not my blog ;-)
There were three main points that I picked up from the presentations. First from Dai Davis, GDPR expert at Percy Crow Davis & Co. His lively presentation talked about how a large part of the change is in how rights communicated. Before this was by "fairness" through registration of usage with a central body. The shift is to transparency by informing individuals directly.
This means that the consumer mindset could then shift to match how legislation is framed. For example, with the repetition of many companies holding personally identifiable information now having to inform what they are collecting and how they are processing it. Currently, awareness isn't high and the compensation not high enough to make it worth pursuing.
The next salient point came from Steve Dobson, IT Security Director, ATCORE Technology. He talked about how the new regulations move more accountability to data processors. So as IT suppliers we need to care more about data controller behaviour as it can comprise us as data processors.
The final point I'd note was that consent is key. Additionally with the rights of subjects to knowing what data is held you need to check that the request is coming from the individual in question. Also that you have the consent from them. This can be an issue on travel bookings. For example, where multiple passengers could request data held on the same PNR.
As a Product Manager for an IT supplier in the travel industry I also picked up some product ideas, but those are for my backlog not my blog ;-)
Comments
Post a Comment