How GDPR Can Empower Travel, Transport and Hospitality Firms and Their Customers
What were the two biggest recent disruptions of the travel, transport & hospitality industry?
- The biggest disruption in the travel industry before now? The internet.
- The biggest eruption in travel in the digital era? Trust, privacy, and GDPR.
From apps, aggregators and AirBnB to review sites and price-comparison tools – travel's digital migration is almost complete. Last year, global online travel sales totaled $564.87bn (US). By 2019, we're looking at $755.94bn. Today, more than 80% of world travelers book trips online.
But travel, transport & hospitality is more than bookings and revenue - it's a world within a world. Expedia found that most travelers visit 38 websites before tapping in card details, while HuffPost reckons 95% of US travelers read seven reviews before purchase.
Each time a user browses, clicks, likes, shares, watches or reads they leave a data trail. And that data is the lifeblood of the digital industry.
In 2015, the travel, transport & hospitality industry pumped more cash into online advertising than did the electronics, media, entertainment and healthcare sectors. Travel is one of the biggest spenders in programmatic advertising, particularly video, and social media retargeting.
Travel today is clearly fuelled by data. So how will GDPR affect the travel, transport & hospitality business?
A quick word on GDPR
GDPR is not just a beefing up of existing privacy frameworks - it's a complete paradigm shift, asserting that personal data belongs to the individual. So from May 25th, 2018, organizations must be crystal clear when it comes to personal data and special category data: proving consent was given, and explaining what data is being used for; how it's protected, and how long it'll be kept.
GDPR hits all EU nations at once and, before you ask, Brexit won't alter a thing here in the UK. Non-EU companies who trade in Europe must also comply. Consequently, all major global organizations are working on making themselves GDPR-compliant in order to continue doing business in the EEA. Rule of thumb: if data breaches affect EU citizens: GDPR applies, regardless of where the mishap occurred.
There's no way around GDPR. It's not a dream, it's very real.
Non-compliance starts with a warning, but fines quickly escalate to €20m (or 4% of the previous year’s turnover – whichever is greater). Alarming as the penalties are, they may be a drop in the ocean when compared to reputational damage and the loss of customer trust. Take the recent example of Uber - who took the decision to cover up the theft of 57 million people’s personal data. If it was done in the GDPR era, this data leak would have resulted in a fine of $260M – or 4% of the company’s global revenue, which was $6.5B in 2016 - this would be significantly higher than the maximum penalties currently in effect (this is £500,000 in the UK). Even without this massive GDPR fine, Uber still had to face a massive reputation impacts as the story made the headlines with this story in each and every country where it operates, including in the UK where Uber is struggling to maintain their licences to operate in London and this won’t help.
Although there is no scientific data on the travel, transport & hospitality sector's GDPR readiness, anecdotal evidence suggests just 8% of companies are prepared. That's despite intervention and guidance by industry bodies.
If it's any comfort, other domains are not faring much better. According to a CenturyLink study, just 25% of UK legal firms – who should be leading the charge – are GDPR-ready.
What do travel, transport & hospitality firms have to do?
Prepare. Ideally, they'll already be well on the path to compliance because GDPR is real and it does have teeth, as several global companies have found to their cost when facing the collective might of the EU data protection taskforce.
But it’s more than a legal challenge. Companies have to get hands-on with their data: it all starts by mapping their customer/employee data adcross all systems and to profile and define controls. Doing so will not only improve quality, and reduce redundancy, of personal data, it'll help to mitigate fines, consumer wrath, and brand damage come GDPR. Ultimately, it will unlock the rights of the data subjects which now sets the standard for customer trust.
Historically, point-of-sale devices and large, often weak, databases make travel, transport & hospitality firms – such as tour operators, airlines, hotels and agents – easy prey for cybercriminals. With the new onus on safety, companies will need to ensure systems are impervious to attack.
Companies across the board are being pushed to appoint Data Protection Officers to oversee compliance with the new GDPR rules. These Data Protection Officers are responsible for the privacy and security of personal data, and for verifying that third-party tools and apps continue to protect personal data.
Travel, transport & hospitality companies routinely share customer information with third parties for payment and itinerary purposes, so existing agreements may need fresh eyes.
Away from systems, GDPR has cultural implications too. Marketing chiefs need to enact the data subject access rights, such as accessibility, rectification, data portability or the right to be forgotten.
And they have to adapt to an era where auto opt-ins and implied consent will not be an acceptable practice.
From May 2018 consent has to be explicit and verifiable – there will be no more opt-in by default, omission or attrition. Under GDPR rules, customers must have knowledge of how firms use their data - and they must explicitly agree to it.
But before you start thinking it's all doom and gloom …
How can Onepoint help you turn GDPR into an opportunity?
GDPR is the biggest disruption facing this new digital world. It is either a threat or an opportunity, depending on how one handles it.
Onepoint has been working with several organizations in the travel, transport & hospitality industry – that have traditionally adopted a booking-centric operating model – to create a 360-degree view of customers, powered by Talend Data Fabric. Customer data pipelines were analyzed to validate, clean, enrich, remove redundancy and create a trusted source of customer information that can be accessed and managed, in real time, as part of the customer journey.
Creating a 360-degree view of customers that can be accessed and managed in real time, is a strategic differentiator for actors in the travel, transport & hospitality industry to map the customer journey and associated data flow. It is a vital move if firms are to validate the accuracy and privacy of customer data, and fulfill their obligation to provide customers with access to rectify their data.
To deliver this 360-degree view, Onepoint leverages the Talend Platform. It allows to capture, reconcile, document, protect and publish any personal information in an automated way, in the cloud or inside the enterprise, at Big Data scale. It delivers an always up to date map of GDPR related data across a legacy IT landscape. It fosters accountability and stewardship up to the Data Protection Officer, down to the operations and allows to protect and anonymize data when needed. Last but not least, it allows to manage data movements and data subject access request such as data portability or the right to be forgotten.
Turning GDPR into value
The travel, transport & hospitality sector has a crisp advantage over other industries. More than finance or FMCG, people really do want your holiday offers. Travel is like getting a haircut - most people do it at least once a year. And they want to make it personal. Make it an enjoyable and value-added experience, and customers keep coming back. Think of the Uber experience where you don’t have anymore, to search, book, tell where you are, or pay. It’s just one click.
A study by American Express found that 83% of millennials said they would happily let travel, transport & hospitality brands track their digital patterns if it resulted in a more relevant, personalized experience. In fact, 85% of all respondents – all age groups – said that customized itineraries and messaging were much more desirable than general, mass-market offerings.
In short, there are customers out there who want to opt-in. GDPR is the mean by which travel, transport & hospitality firms can identify those customers and get a 360-degree view on them with full consent. Firms can stockpile that data for more effective segmentation; to serve adverts – and curate engaging content and adverts – that really fit the customer's vision.
Now, the key goal for travel, transport & hospitality companies is an app to stay connected everywhere and all the time. The quality of the customer journey and the customer experience will be directly linked to the quantity and quality of the customer data.