Lee Clarke at Dynama believes the cruise industry should see GDPR legislation as a welcome opportunity to review policies around sensitive data. Be prepared with a strategy that combines rigorous planning with the latest technology
With just weeks to go, the final countdown to new EU General Data Protection Regulation or GDPR on 25th May 2018 has begun. According to a recent survey of over 1000 global businesses an encouraging 72% are confident that they will have all the required GDPR compliance processes in place by the May deadline[i]. Is your company GDPR ready?
Cruise companies control masses of personal data. As an industry, cruise collects and stores information about passengers’ identities, preferences and health requirements. In addition information is held on large workforces (whether employed or contracted). Cruise lines face immigration law obligations in numerous jurisdictions and conduct frequent consumer-facing marketing campaigns. All of this information is likely to cross national borders and be exposed from time to time to physical and cyber security risk. The need to ensure data protection is already essential. Once GDPR applies and the risk of large fines and reputational damage increases, a breach of the data protection rules could potentially damage any business.
Turn risk into business advantage
Does the prospect of becoming ready for GDPR fill you with blind panic? Then why not turn that fear on its head and embrace GDPR as a positive opportunity. Broking solutions company Willis Towers Watson[ii] states that “while it may be easy to think of the GDPR as yet another compliance burden, it should be viewed as a means by which to bring your organisation up to speed with the modern digital world. To harness GDPR for business advantage….”
International law firm HFW[iii] backs up this sentiment and goes one step further when it claims “a cruise line which safeguards its passengers’ (and employees’) privacy rights will also be more likely to attract and retain its customers.” By showing responsibility around crew and customer data, brand loyalty could be increased which makes perfect commercial sense.
A winning GDPR preparedness strategy
What greater motivation do you need? It’s time to welcome GDPR with open arms. Here are a few steps to proactive GDPR preparedness:
- Audit your data – it might sound obvious but it is surprising how many companies fail to identify and classify their passenger and crew data risk register:
– what type of data is held?
– where it is located?
– who has access to the data?
– how is it used?
- Get consent – have passengers and crew given their consent to use their data? If you are using it for anything other than straight-forward direct booking of your services, then permission to use personal details is a legal requirement.
- Review security – step back and consider where you keep data. If it’s in hard copy format, make sure it is stored in a locked cabinet. Do you have robust online security processes and up-to-date technology? Have you reviewed the data management policies in your third-party contracts recently?
- Communicate regularly – it’s important for everyone involved to be aware of what data is held, any data policies and how staff should treat data. Everyone should know that they share responsibility for data security in order to build confidence in terms of compliance with GDPR legislation.
Use technology to control your data
Turning potential risk into business advantage starts with efficient data control. Wrap up your processes with automated, mobile-ready technology to create a strategic data management framework that works wherever you are and is flexible enough to scale as your business grows. The latest workforce deployment solutions:
- Manage big data – Automation and centrally stored information will also remove duplicated effort, reduce administration, time and staff costs;
- Integrate – an organisation wide Active Directory guarantees the security of all login credentials, the crucial first step to securing crew and passengers details;
- Step up security – well-defined security models control how data is segregated and who has the authority to access, use and change it. Customer screens can be configured to ring-fence sensitive passenger data and personal information can be hidden from view when not required for personal identification but is still retained in the original records for auditing purposes;
- Offer advanced reporting capabilities – reporting on data quickly is invaluable to supporting requests for information from GDPR assessors, often at short notice;
- Guarantee effective compliance management – clear visibility of critical data and the automatic recording of all changes made to data provide a valuable audit trail.
What’s stopping you now from becoming a leader in today’s competitive cruise industry? Introduce robust processes, communicate and embed them effectively and thoroughly into an automated system. Understanding GDPR and knowing how to deal with it will take away the fear and empower everyone in your organisation to turn risk into business opportunity. Remember the clock is ticking.
Dynama does not offer legal advice or GDPR consultancy
Lee Clarke is Regional Director – Northern Hemisphere at Dynama
[i] EfficientIP and independent market research firm Coleman Parks Survey Feb 2018Learn how Dynama’s technology can help with data control