GDPR – What is it and how is Tourwriter preparing for it?
The European Union has taken a monumental step in protecting the fundamental right to privacy for every EU resident with the General Data Protection Regulation (GDPR) which will take effect from May 25, 2018. Simply put, EU residents will now have a greater say over what, how, why, where, and when their Personally Identifiable Information (PII) is used, processed, or disposed. The regulation also clarifies how the EU personal data laws will apply beyond the borders of the EU. Any organisation that works with EU residents’ personal information in any manner, irrespective of their location in the world, has obligations to protect this data.
Tourwriter’s commitment
At Tourwriter we have always honoured our users’ right to data privacy and protection. We do not collect and process personal information beyond what is required for the functioning of our products.
How is Tourwriter preparing for GDPR?
Tourwriter is gearing up to be GDPR compliant across all of its applications by the time the regulation comes into effect. As a data processor, Tourwriter understands its obligation to help our customers get ready for the big day. We are currently:
Identifying Personally Identifiable Information (PII): For our applications, both existing and new, we are reviewing the level of personal data collected, used, stored and disposed of, and implementing specific plans for how this information will be protected in line with GDPR guidelines
Enhancing visibility and transparency: The most important aspect of GDPR is how collected personal information is used. As a data processor, Tourwriter’s key role is to provide our customers (the data controllers) with the ability to effectively manage and protect their users’ (e.g. travellers) data. As such we are working to make the consenting process more explicit
Portability and transferability of data: GDPR gives end users the right to either receive all the data provided and processed by the controller or transfer it to another controller depending on technical feasibility. With this new right in mind, Tourwriter is working to enhance its data exporting capabilities
What does this mean for you?
We understand that meeting the GDPR requirements will take time and effort. As your partner we want to make this process as seamless as possible so that you can focus on running your business.
However there are some things you will need to do:
Nominate someone to oversee GDPR activities and raise awareness
Ensure your contracts with third parties and customers meet GDPR requirements
Identify personal information that is being collected, and how this information is being processed, stored, retained and deleted
Understand that it will not be sufficient to store personal information in open systems such as spreadsheets and documents
Establish procedures to respond to individuals when they exercise their rights to access, modify or delete personal information
Create a process for dealing with data breach notifications
Implement a continuous GDPR (and privacy) employee awareness programme