Instead of fearing GDPR, travel, transport & hospitality companies should embrace an opportune moment to fine-tune their data foundations, putting the customer first and safeguarding their bottom line
Over the last thirty years, the Internet has been the biggest disruptor to the travel, transport and hospitality industry. From apps, aggregators and AirBnB to review sites and price-comparison tools – travel’s digital migration is almost complete. Last year, global online travel sales totalled $564.87bn (US). By 2019, we’re looking at $755.94bn. Today, more than 80% of world travellers book trips online.
But travel, transport and hospitality are more than bookings and revenue – it’s a world within a world. Expedia found that most travellers visit 38 websites before tapping in card details, while HuffPost reckons 95% of US travellers read seven reviews before purchasing a trip.
The digital transformation of the travel industry is more than enabling travellers to research and book transport and hospitality online via a range of devices however. Each time a user browses, clicks, likes, shares, watches or reads they leave a data trail. And that data has become the lifeblood of the digital industry.
In 2015, the travel, transport and hospitality industry pumped more cash into online advertising than the electronics, media, entertainment and healthcare sectors. Travel is one of the biggest spenders in programmatic advertising, particularly video, and social media retargeting. This is why the coming of GDPR on May 25th 2018, redefining the parameters of consumer trust and privacy, represents the next great disruption to the travel, transport and hospitality industry.
A quick word on GDPR
GDPR is not just a beefing up of existing privacy frameworks – it’s a complete paradigm shift, asserting that personal data belongs to the individual. So from May 25th 2018, organisations must be crystal clear when it comes to personal data and special category data: proving consent was given and explaining what data is being used for; how it’s protected, and how long it’ll be kept.
Non-compliance starts with a warning, but fines quickly escalate to €20m (or 4% of the previous year’s turnover – whichever is greater). Alarming as the penalties are, they may be a drop in the ocean when compared to reputational damage and the loss of customer trust. Take the recent example of Uber – who took the decision to cover up the theft of 57 million people’s personal data. If it was done in the GDPR era, this data leak would have resulted in a fine of $260M – or 4% of the company’s global revenue, which was $6.5B in 2016 – this would be significantly higher than the maximum penalties currently in effect (this is £500,000 in the UK). Even without this massive GDPR fine, Uber still had to face a massive negative reputational impact as the story made the headlines across the globe.
Although there is no scientific data on GDPR readiness of travel companies, anecdotal evidence suggests that just 8% of companies are prepared, despite intervention and guidance by industry bodies. The industry is not unique. Other industries are also still finding their feet when it comes to GDPR. According to a CenturyLink study, just 25% of UK legal firms – who should be leading the charge – are GDPR-ready.
What do travel, transport & hospitality firms have to do?
Prepare. Ideally, they’ll already be well on the path to compliance because GDPR is real and it does have teeth, as several global companies have found to their cost when facing the collective might of the EU data protection taskforce. But it’s more than a legal challenge – it is also an operational challenge. Historically, point-of-sale devices and large, often weak, databases make travel, transport and hospitality firms – such as tour operators, airlines, hotels and agents – easy prey for cybercriminals. With the new onus on data protection and privacy, companies will need to ensure systems are impervious to attack.
Companies have to get hands on with their data, mapping their customer and employee data across all systems and defining processes and controls to not only mitigate fines, consumer wrath and brand damage, but also improve quality and reduce redundancy of personal data.
Larger companies must appoint a Data Protection Officer to oversee compliance with the new GDPR rules and ensure these processes and controls are fit for purpose. It is not just within their own organisations either, travel, transport and hospitality companies routinely share customer information with third party tools, apps and businesses for payment and itinerary purposes. The Data Protection Officer is responsible for ensuring the privacy and security of personal data extends to these environments as well. This will normally require a review of existing contractual agreements and must not be neglected if these organisations wish to ensure compliance.
Away from systems, GDPR has cultural implications too. Marketing chiefs need to enact the data subject access rights, such as accessibility, rectification, data portability or the right to be forgotten.
And they have to adapt for an era where auto opt-ins and implied consent will no longer be acceptable practice.
From May 2018 consent has to be explicit and verifiable – there will be no more opt-in by default, omission or attrition. Under GDPR rules, customers must have knowledge of how firms use their data – and they must explicitly agree to it.
How can travel, transport and hospitality sectors use technology to get ready?
While GDPR is the biggest disruption facing the industry in recent years, like any disruptor, it can be viewed as an opportunity rather than a threat.
Organisations should look at GDPR as an opportunity to use the latest cloud based data integration and data fabric platforms to create a full 360-degree view of their customers. By analysing to validate, clean, enrich, and remove redundancy from customer data pipelines, organisations can create a trusted source of customer information that can be accessed and managed, in real time, as part of the customer journey. Organisations should look to leverage big data ready platforms that allow them to capture, reconcile, document, protect and publish any personal information in an automated way, whether in the cloud or on-premise. By doing so they can ensure that they always have an up to date map of GDPR related data across their IT landscape. Furthermore, it will foster accountability and stewardship from the Data Protection Officer down to operations, and will allow the protection or anonymisation of data when needed. Importantly, it can also manage data movements and data subject access requests helping organisations to comply with data portability or right to be forgotten requirements.
It is a vital move if firms are to validate the accuracy and privacy of customer data, and fulfil their obligation to provide customers with access to their data.
Translating GDPR readiness into value
When it comes to customer desires, the travel, transport and hospitality sector has an advantage over other industries. More than finance or FMCG, people really do want holiday offers. Travel is like getting a haircut – most people do it at least once a year, and they want to make it personal. Make it an enjoyable and value-added experience, and customers will keep coming back. Think of the Uber experience where you don’t have to search, book, tell the driver where you are, or pay in several different stages anymore. It’s now just one click.
A study by American Express found that 83% of millennials said they would happily let travel, transport and hospitality brands track their digital patterns if it resulted in a more relevant, personalised holiday experience. In fact, 85% of all respondents – of all age groups – said that customised itineraries and messaging were much more desirable than general, mass-market offerings.
In short, there are customers out there who want to opt-in. GDPR compliance through the implementation of data fabric and management system that creates a controlled 360-degree view of the customer – with full consent – is the means by which travel, transport and hospitality firms will maintain customer satisfaction and profitability. Firms can stockpile that data for more effective segmentation; to serve adverts – and curate engaging content and adverts – that really fit the customer’s vision. Remember, the quality of the customer journey and the customer experience will be directly linked to quantity and quality of the customer data, so it’s time to act.