Andy Headington, CEO of marketing agency Adido, recently attended Abta's Data Protection and Management for Marketing training day. He's since compiled his tips on broaching data and GDPR
Guest Post: How we can all embrace data and avoid the pitfalls
I recently presented at ABTA's 'Data Protection and Management for Marketing' training day. It was a particularly useful day, packed with essential knowledge and practical guidance, so I've summarised below the most pressing and important points for travel professionals.
We all know that data protection, compliance and management aren't the most exciting topics in the world, but the day made a big impression on all of us in terms of just how important they are to your travel business. It's essential to get things right, so I'd urge everyone to read and, where required, act on the following at the earliest opportunity:
- GDPR rules have been in place since 2018, and in fact, since we left the EU, there are actually two GDPRs in place - one specifically for the UK and one for the EU. Yet many travel businesses are not fully aware of their obligations around how to manage data - and it's critical they are.
- There are a number of rules that need to be observed when it comes to transferring data across borders, which must be understood and managed effectively. This is vital and something travel businesses have to adhere to at all times.
- Importantly, changes are being proposed which will tighten how data flows from the UK out to the world. The clock is ticking and it's well worth preparing for these updates.
- This poses a challenge to travel companies as to how to inform travellers of where their data goes and how to communicate how it will be shared between various parties, such as flight operators, hotels and tour providers. Companies should consider now how they will share these changes with everyone involved, to avoid confusion, while still maintaining a clear and well-defined approach.
- In short, if you don’t have this expertise in-house, do seek external advice or training. It’s so important to get things right and the penalties associated with non-compliance and reputation can be serious.
- When it comes to data security, the biggest fail points of any travel business are the way in which your teams handle data and a lack of awareness of scammers and phishing attacks.
- Where possible, travel companies should consider having an internal 'data week' once a year, to bring the issue top of mind again, rather than it being forgotten about. And yes, I know that doesn't make for the most thrilling theme, but there is lots of great advice online as to how to bring the week to life and involve everyone.
- Travel businesses should train and then retrain their teams regularly - ideally annually - to ensure they are aware of common attack threats. Additionally, every company must aim for 'privacy by design' and make it part of their culture, rather than something stuck on the end of processes.
- While it's fairly well understood that email marketing requires an opt-in for data to be legitimate, the same is not understood about cookies. Many travel businesses still have an 'auto opt in', where tracking happens as part of the usage of the website. Whilst this is still common, this is NOT compliant with the GDPR rules, which state an 'unambiguous positive action' needs to be taken. Just because many other websites are failing to adopt best practice, doesn’t mean you should.
- Various changes are rolling out in the latest version of Apple's iOS, which will potentially mean that first party data collection will become more difficult in 2024. At the moment, only advanced features in Safari are going to have an impact - which are also available in other browsers - but this course of direction is clear for Apple. And of course with it's large and loyal customer base, this could pose a large threat for digital marketers and their data collection processes in the coming year.
So overall, lots to think about, and I'd really encourage businesses to pull together to ensure they're on top of everything. It's worth considering whether someone can act as 'data champion' in your organisation, to ensure there's a go-to contact point in the business, and who can also draw on the help and support of others around them as well as external experts. It's a great opportunity to positively influence your business, and an absolutely essential role to carry out.