GDPR and the Travel industry

UNLESS you have been living under a rock, you have probably heard about GDPR – General Data Protection Regulation – the new EU data protection law that comes into effect in less than a month’s time, on 25th May.

It was over 20 years ago, in 1995, that the current law -Data Protection Directive (LOPD in Spain) – was established. Back then, internet giants such as Google, Facebook and YouTube didn’t yet exist, the Nokia 2110 was as smart as mobile phones got with its cutting-edge ability to send SMS, and Windows 95 came in a box with 13 floppy disks to be able to install it! Clearly times have moved on somewhat, and so the updated new law is more than overdue.

As we enter the peak tourism season on the Spanish Costas, we take a look at how GDPR is going to impact on the travel & tourism industry.

Three quarters of people don’t trust businesses – travel brands included – to do the right thing with their personal data such as email addresses, according to the ICO.

The travel industry will be particularly affected due to the large volume of personal and sensitive data it processes about individuals such as name, date of birth, credit card details and passport details, and this data is often shared with third parties for booking purposes.

In a nutshell, the new law focuses on two main areas that you need to know about, from a business and consumer point of view.

1. Consent

The biggest change in the law concerns consent. Customers must give their express consent for their data to be used, and exactly what it can be used for. Could this be the end of email inboxes cluttered with unsolicited spammy emails? We can only hope! Many businesses that have built a large mailing database by any and every means necessary might be rightly worried by this but at the end of the day, isn’t it better to target people that have actually expressed an interest in a company’s products or services as opposed to a scattergun approach?

2. Security

The volume of sensitive personal data and credit card information collected and processed makes the travel industry one of the most vulnerable to data security threats.

According to a report by telecommunications giant Verizon in 2016, the travel & tourism industry suffers to most number of cyber-attacks of any industry

The new GDPR regulations enforces businesses, small and large, to be more accountable for the security of the data that they hold. Obviously, the bigger the company the bigger the target for cyber attacks and logically the more resources they have to secure against data breaches. But even small and medium businesses can ramp up their security with simple and effective measures such as good passport protection, using encryption for data storage either on cloud storage services or on your computer.

A webinar offering practical recommendations to become GDPR-ready for the holiday rental industry is available to attend online for free. The webinar is organised by Malaga-based holiday rental portal Various dates are available to attend the live webinar or download the recording afterwards. Details to register can be found on’s industry blog Rental Buzz []

Author badge placeholder
Written by

Euro Weekly News Media

Share your story with us by emailing, by calling +34 951 38 61 61 or by messaging our Facebook page