Travel Managers Should Get Used to Data Privacy Restrictions

For most organizations, it’s business as usual after Europe’s new privacy measures embodied in the General Data Protection Regulation (GDPR) came into effect on May 25. That is largely because of the efforts of the major travel suppliers and industry associations. While the new data security and privacy requirements are aimed at protecting European Union citizens, they also cover non-European organizations that offer goods or services to — or monitor the behavior of — European Union citizens. So, non-European Union corporations with operations or staff in the European Union fall under the regulation for their European residents’ data, potentially impacting on global travel programs. GDPR also applies to all companies processing and holding the personal data of subjects residing in the European Union, regardless of the company’s location. The new requirements can be significant for travel managers, who keep large amounts of traveler data such as health status, dietary requirements and travel preferences, and share much of that with travel management companies, airlines, hotels and security providers. American Express Global Business Travel started to build GDPR-compliance and Privacy by Design principles into its programs, products, and services more than two years ago to ensure GDPR readiness, according to Michael Savicki, vice president of complian