On 25th May 2018, the most significant piece of European data protection legislation to be introduced in 20 years came into force. The EU General Data Protection Regulation (GDPR) replaced the Data Protection Directive 95/46/EC which was enacted in the UK through the Data Protection Act 1998 (DPA 1998).
The aim of the GDPR is to strengthen data protection for EU citizens and residents and to give them greater control of their personal data.
Maximum fines where a data breach occurs will rise from £500k to £17 million or 4% of global annual turnover for the preceding financial year.
The GDPR strengthens the rights of your customers in a number of ways, including:
The right to object. A customer can object if their details are being used for direct marketing.
The right of access. A customer can request a report on their data held including where the data you took came from and to whom it might be disclosed. You must also reply to a request for data within one month.
The right to be forgotten. The customer can ask for their data to be erased from your systems.
The right not to be subjected to purely automated processes. For example, if a customer is refused insurance by an automated system they can call and ask for a manual review.
How can BookingLive help?
BookingLive made many changes to the latest version of booking software ahead of the GDPR deadline, including:
An opt-in request during booking journey to consent to process sensitive data and/or be sent marketing communications
Parental consent for users < 16 years old
Right to be forgotten – the ability for a customer to request all data held is removed via customer My Account
Data portability – the ability for a customer to receive all data held via customer My Account