News Headlines     |     


Thursday May 24, 2018 - Email this article to a friend

That's D for Data Protection. New regulations have come into force and not everyone in the travel & ski world is ready. UPDATED

We've all had the emails.

Hundreds of them.

PlanetSKI has even got in on the act.

PlanetSKI GDPR messagePlanetSKI GDPR message

Ironically, the bombardment of our inboxes is because of a change in the law intended partly to stop us being bombarded with unwanted information in future.

GDPR - the General Data Protection Regulations - are a reality.  They came into force on  Friday 25th May.

They're aimed at giving us more control over how anything capable of identifying us personally - our name, contact details, photos, computer IP address and so on - is used.

GDPR imposes stricter rules on how businesses collect, use, manage and store the personal information of individuals including customers and employees, and massively increases the fines available if an organisation messes up.

But the deadline will be missed by some travel firms.

Keep calmDon't panic

A show of hands at the ABTA Travel Law Seminar earlier this week demonstrated that most companies are busy putting new systems in place but are not yet fully compliant with GDPR.

Alexandra Cooke, an associate at commercial law firm Hamlins, told the seminar that some are panicking, some are taking it in their stride and treating it as an opportunity to get their house in order, but some are simply ignoring it.

Ignoring GDPR is a dangerous approach.

The maximum penalty for a serious breach is €20 million or 4% of annual turnover.

The regulators have said they won't be punishing breaches severely at the outset but companies need to show they are taking measures to become compliant.

For those in the travel industry who have been applying their minds to the subject, it's proved a time-consuming chore to write and update their privacy policies.

Ski Beat privacy policySki Beat email to customers

"We had four meetings to get the advice and understand what we had to do," Michael Pettifer of the ski insurance experts, MPI Brokers, told us.

"Each meeting was three or four hours, then we had to sit down and write the words, have it checked and then rewrite it.

"Then you've got to do the internal data protection policy, which is eight pages long, then the data protection information technology policy. That's 40 pages and I haven't even read that yet.

"It goes on and on."

  FilingTime to sort out the paperwork?













Alexandra Cooke advised delegates at the ABTA seminar that, if they hadn't yet made a start to compliance, there were a few simple steps they could take:

  • put locks on cabinets containing paperwork
  • set up your IT systems to automatically delete information after a set time
  • check third party suppliers have the same systems in place

And don't go thinking you can ignore GDPR because it's an EU regulation and we'll be leaving the EU soon enough.

The British government has enshrined GDPR in its new Data Protection Act 2018, so it's here to stay.

Good luck.

See here for the main PlanetSKI news page with all the latest stories from the mountains.

For the Spirit of the Mountains - PlanetSKI: Number 1 for ski news

Related Articles

FURTHER ROWS AT SKI CLUB GB (Friday November 29, 2019)
AWARDS FOR ESPRIT SKI & SANTA'S LAPLAND (Thursday November 14, 2019)
US indoor slope faces more delays (Wednesday October 30, 2019)
FANCY SOME SKI STATS? (Monday October 7, 2019)
SKI FLIGHT FREE IS LAUNCHED (Thursday October 3, 2019)
UK SKI INDUSTRY EMBRACES GREEN (Monday September 30, 2019)

With thanks to our main sponsors...

Platinum partners

Bronze partners