How GDPR can empower travel, transport & hospitality firms and their customers
By Jason Bissell, General Manager of Asia Pacific and Japan and Calvin Hoon, Regional VP of Sales, Asia Pacific
Over the last thirty years, the Internet has been the biggest disruptor to the travel, transport and hospitality industry. From apps, aggregators and Airbnb to review sites and price-comparison tools – travel’s digital migration is almost complete. Last year, global online travel sales totalled USD564.87b. By 2019, we’re looking at USD755.94b. Digital travel sales in Asia-Pacific is set to grow by 22.5-percent in 2017 to reach USD 214.07b, ranking first in the world. Today, about 30-percent of travellers in Singapore book trips online.
But travel, transport and hospitality is more than bookings and revenue – it’s a world within a world. Expedia found that most travellers visit 38 websites before tapping in card details, while HuffPost believes 95% of US travellers read seven reviews before purchasing a trip.
The digital transformation of the travel industry is more than enabling travellers to research and book transport and hospitality online via a range of devices, however. Each time a user browses, clicks, likes, shares, watches or reads they leave a data trail. And that data has become the lifeblood of the digital industry.
In 2015, the travel, transport and hospitality industry pumped more cash into online advertising than the electronics, media, entertainment and healthcare sectors. Travel is one of the biggest spenders in programmatic advertising, particularly video, and social media retargeting. This is why the coming of GDPR on May 25, 2018, redefining the parameters of consumer trust and privacy, represents the next great disruption to the travel, transport and hospitality industry.
What do travel, transport & hospitality firms have to do?
Ideally, they’ll already be well on the path to compliance because GDPR is real and it does have teeth, as several global companies have found to their cost when facing the collective might of the EU data protection taskforce. But it’s more than a legal challenge – it is also an operational challenge. Historically, point-of-sale devices and large, often weak, databases make travel, transport and hospitality firms – such as tour operators, airlines, hotels and agents – easy prey for cyber criminals. With the new onus on data protection and privacy, companies will need to ensure systems are impervious to attack.
Companies should get hands-on with their data, mapping their customer and employee data across all systems and defining processes and controls to not only mitigate fines, consumer wrath and brand damage but also improve quality and reduce redundancy of personal data.
Larger companies must appoint a Data Protection Officer to oversee compliance with the new GDPR rules and ensure these processes and controls are fit for purpose. It is not just within their organisations either, travel, transport and hospitality companies routinely share customer information with third-party tools, apps, and businesses for payment and itinerary purposes. The Data Protection Officer is responsible for ensuring the privacy and security of personal data extends to these environments as well. This will typically require a review of existing contractual agreements and must not be neglected if these organisations wish to ensure compliance.
Away from systems, GDPR has cultural implications too. Marketing chiefs need to enact the data subject access rights, such as accessibility, rectification, data portability or the right to be forgotten.
And they must adapt for an era where auto opt-ins and implied consent will no longer be an acceptable practice.
From May 2018, consent needs to be explicit and verifiable – there will be no more opt-in by default, omission or attrition. Under GDPR rules, customers must know how firms use their data – and they must explicitly agree to it.
How can travel, transport and hospitality sectors use technology to get ready?
While GDPR is the biggest disruption facing the industry in recent years, like any disruptor, it can be viewed as an opportunity rather than a threat.
Organisations should look at GDPR as an opportunity to use the latest cloud-based data integration and data fabric platforms to create a full, 360-degree view of their customers. By analysing to validate, clean, enrich, and remove redundancy from customer data pipelines, organisations can create a trusted source of customer information that can be accessed and managed in real time, as part of the customer journey. Organisations should look to leverage big data-ready platforms that allow them to capture, reconcile, document, protect and publish any personal information in an automated way, whether in the cloud or on-premise. By doing so, they can ensure that they always have an up to date map of GDPR related data across their IT landscape. Furthermore, it will foster accountability and stewardship from the Data Protection Officer down to operations, and will allow the protection or anonymisation of data when needed. Importantly, it can also manage data movements and data subject access requests helping organisations to comply with data portability or right to be forgotten requirements.
It is a vital move if firms are to validate the accuracy and privacy of customer data, and fulfil their obligation to provide customers with access to their data.
Translating GDPR readiness into value
When it comes to customer desires, the travel, transport and hospitality sector has an advantage over other industries. More than finance or FMCG, people really do want holiday offers. Travel is like getting a haircut – most people do it at least once a year, and they want to make it personal. Make it an enjoyable and value-added experience, and customers will keep coming back. Think of the Uber experience where you don’t have to search, book, tell the driver where you are, or pay in several different stages anymore. It’s now just one click.
A study by American Express found that 83% of millennials said they would happily let travel, transport and hospitality brands track their digital patterns if it resulted in a more relevant, personalised holiday experience. In fact, 85% of all respondents – of all age groups – said that customised itineraries and messaging were much more desirable than general, mass-market offerings.
In short, there are customers out there who want to opt-in. GDPR compliance through the implementation of data fabric and management system that creates a controlled 360-degree view of the customer – with full consent – is the means by which travel, transport and hospitality firms will maintain customer satisfaction and profitability. Firms can stockpile that data for more effective segmentation; to serve adverts – and curate engaging content and adverts – that really fit the customer’s vision. Remember, the quality of the customer journey and the customer experience will be directly linked to quantity and quality of the customer data, so it’s time to act.