In a May 2017 article in The Economist, data was called “the oil of the digital era” confirming what we all know: Data is now more valuable that oil.
In recognition of the increasing value of personal data as a commercial commodity, the European Parliament approved the General Data Protection Regulation (GDPR) in 2016 and gave companies two years to prepare their systems and policies for compliance. The regulation, which became effective May 25, governs how companies gather, store, share and destroy personal data of people living in the EU, regardless of where that company is located.
During the past two years, Travelport has invested time and energy to be ready for, and in compliance with, the GDPR’s implementation. Our mission was simple: To comply with our legal obligations under GDPR and to support our customers around the world to ensure we were all fulfilling our responsibilities under the new regulations.
Travelport created a team dedicated to GDPR implementation, including a newly appointed Data Protection Officer. Because we both control and process data within our Travel Commerce Platform, Travelport focused on the management of any data which leaves the EU through our systems and the responsibilities associated with the types of personal data we process, the basis for processing personal data, and the retention period for personal data. With the GDPR regulations potentially touching every sector of the global travel industry, and with Travelport having customers on both sides of the travel supply and demand chain, we dedicated our efforts to creating confidence in our customers regarding how we used, managed and transferred their customers’ personal data.
We have always had our own policies and compliance procedures around data privacy and data protection, so we were well prepared for this new legislation. Every day 100TB of data is processed through Travelport’s more than 20,000 physical and virtual servers, with more than one trillion transactions processed annually. In acknowledging that Travelport engages in the large-volume processing of sensitive personal data, and the responsibilities to our customers, Mike Croucher, Travelport’s chief architect, recently told Phocuswire:
“We value the trust that companies put in us to have their data, and therefore as a platform,
we’ve always had to build ethics into what we do. GDPR to us is just a reflection of that
Our technology architecture team is busy thinking about how new technologies like blockchain may help us manage data in future. And Mike has theorized that in the future, individuals could store their data in a personal data bank and withdraw the relevant pieces of it to exchange with a company at the relevant time, in the same way you keep your money in a central bank and share the necessary amount with a provider when you buy goods or a service.
I am confident Travelport will continue to support our customers by prioritizing data protection and data privacy, playing our part in making the buying and managing of travel faster, easier and more enjoyable in the new data-driven economy.