Suppliers should share their good practice to avoid mayhem when new data protection rules come in this year, says Sharon Fleming, owner of Thompson Travel
Our 2017 was a year for cruising, city breaks and long-haul holidays.
Customers have been travelling to their dream destinations for special occasions or just to tick it off their list.
A general feeling of ‘life’s too short’ and ‘a new car can wait’ have been the viable excuses that have kept us busy.
It was our 25th year of business and we scooped a few awards. I had the honour of receiving the Outstanding Woman in Business Award 2017 at Armagh City, Banbridge and Craigavon Borough Council’s first business awards.
The cruise business is growing and ships are being built at a phenomenal rate.
New routes from Belfast have been announced, opening up more opportunities for our customers.
And all we want to do is sell holidays – it’s in our blood. Our reputation and licences tell our valuable clients that they receive protection with us, can have confidence in our arrangements and avoid the insecurity of the internet.
We promote ourselves as a customer service and build a rapport with clients every day, so they keep coming back. So why can’t we just get on with it?
For 2018, there will be more paperwork and legislation, including the General Data Protection Regulation (GDPR), which comes into force in May.
Gone are the days of manual files, cash and cheque payments. As a result of technological advances, we have moved to online payments, electronic ticketing and superb back-office systems.
We now use secure passwords, electronic filing and still do the odd bit of shredding.
So here we are again, governed by more EU legislation on how we store clients’ information – do they not know we have been booking Joe Bloggs on a secret week with his mistress for 20 years to Tenerife and we haven’t told a soul?
Don’t they know we keep clients’ details so safe that we can’t find them ourselves the next time they are travelling?
Do we now have to get rid of every shred of evidence that we have for our clients, and then have to prove we had customers in the first place for an HMRC inspection?
Customers expect us to remember their passport and its expiry date, their date of birth and how their grandchild performed in their piano exam.
It’s the little things that make them think we know them. We independent agents are the leaders in discretion and confidentiality.
I don’t have a department to write policies for this – the buck stops here. So how do we prove that we comply?
I have in-house procedures. We shred. We password. We protect. We record our procedures. We train our staff. But we need the help of our suppliers.
It would be great if our suppliers, including airlines, could kick-start 2018 by taking five minutes to send us a quick blurb on how they protect the data we send them.
We input the data into your systems but where does it go? How are you protecting my clients’ data, from API to cruise check-ins?
Share your good practice, so we can get our policy written and complete another legislative jigsaw.
We can write what we do in-house, but we are only one link in the chain. Let’s get this sorted before the mayhem begins.