The entry into force of the General Data Protection Regulation (GDPR) on May 25 has put on the table the debate on the use and value of data in a world that is built with interactions through various online platforms in which companies, entities and people share a lot of information. This reflection is very positive and is encouraging a worldwide trend towards practices that guarantee a more balanced, clear and transparent use of the data.

This is the main conclusion of the Workshop + Round Table: “25M-The new GDPR: from business to cybersecurity in the tourism industry”, organized by Interface Tourism Spain, with the support of SEGITTUR and SmartTravelNews, in which several experts like José Alberto participated. Rodríguez Ruiz, Global Data Protection Officer at Cornerstone – SaaS Human Capital Management; Álvaro Carrillo de Albornoz, general director of the Hotel Technological Institute – ITH; Gemma Millares, Content Manager and expert in the new RGPD regulation of SEGITTUR and Àlex Villeyra and San Anastasio, COO at Mabrian Technologies, in an open debate moderated by María Sánchez-Grela, general director of Interface Tourism Spain.

The entry into force of this legislation is “all advantages”, said Gemma Millares, SEGITTUR, because it has forced users to understand “where and how your data is used”, and will offer tourism businesses “an opportunity to offer more value to customers. ” A value that goes through the personalization and relevance of the experience, as pointed out by Álvaro Carrillo de Albornoz, ITH, who stressed that the arrival of this new legislation “has also allowed us to address in the sector other matters of great importance related to the use of of new technologies, from cybersecurity to Big Data “and anticipate trends for future travelers, a task in which Mabrian Technologies has also invested, as Àlex Villeyra pointed out.

“It is an incentive to rethink not only alternative sources of data but how to analyze the entire travel cycle, anonymizing the data,” without losing customization. In this sense, José Alberto Rodríguez, from Cornerstone, insisted that the new regulation seeks a “balance between personalization and risks”, contributing clarity and transparency to the process of collecting, managing and deleting data.

Guides and sector recommendations, the next step

As explained by the Cornerstone expert, the GDPR delves into the processes of collection, consent, deletion and access to data, emphasizing not only the legitimate consent, but the obligation to use the information exclusively for the purpose for which it has been collected. “The law regulates the use of data, not their property,” Rodríguez points out, emphasizing that the key lies in finding the right balance between business needs and the volume of data collected.

He insisted on the need to know in advance what the data will be used for before collecting them, to correctly define both the criteria and the procedure, and the way in which the right of access and deletion can be exercised. In addition to introducing the figure of the delegate of data protection, the fines for breach noticeably increases and legal and reputational risks increase, given the increasing public awareness of this issue.

“The Cambridge Analytica scandal has had a great impact,” said Villeyra, who explained that, in light of these events, many companies began to take precautions and prepare for the new regulation. “We will see movements of many technological platforms that will limit the access of the data, until recovering the credibility”, increasing the aggregation of the data packages and with clauses of protection of more stringent data, advanced.

According to Carrillo de Albornoz, “Google, Amazon, Facebook and other similar companies go a step further, and are already developing the standards and technologies that will offer added value and customization” and that, in their opinion, will force the cession of data in a organic, in exchange for more relevant experiences. “The more personalized the experience, the lower the risk of feeling like a number,” he said.

“It’s a paradigm shift, from quantity to quality, from outbound to inbound marketing,” said Cornerstone’s data management expert, who advocated the creation of sector standards, driven by business associations, which serve as “guides or codes of conduct “that the authorities” would be willing to validate “for the correct application of the GDPR.

All participants agree that the correct and professional management of data involves incorporating technologies capable of processing information and force the business practices that do not offer guarantees in the treatment of information. “Applying the GDPR is a responsibility of all companies and institutions,” said Millares, SEGITTUR, who also stressed the importance of “inform and disseminate” the advantages, implications and associated with this regulation.