Stay in control of your personal data with VCK Travel’s Profiles
Despite GDPR, your personal data are going around the world
We don’t think there are many people who don’t remember what happened on 25 May 2018. On that day, the European General Data Protection Regulation (GDPR) came into effect. Data privacy has been a very hot topic ever since. In a few years’ time, though, we may think nothing of it, and everything we’ve achieved now will be taken for granted. In the months following 25 May 2018, the GDPR made one thing painfully clear: there is no such thing as privacy on the internet. But at least we’re now saying it out loud.
Personal details have been stolen by the hundreds of millions from companies both large and small. In our own industry, Marriott suffered a significant hack in November last year: details of 500 million users, including more than 300 million passport details and other sensitive data were stolen. And if data is not stolen, it’s often sold to third parties by the likes of Facebook. In other words, your personal data are worth money – a lot of money. As a result, you’re running a considerable risk. In certain circumstances, your identity may even be used to carry out criminal activities. And it will then be up to you to beat the system and show that you were not who you were when that happened.
In the world of travel, data privacy is quite complicated. We enter into agreements with all our customers. These agreements include a Data Processing Agreement, which stipulates with which parties we will share your personal data and why. That seems logical. After all, if there’s one sector in which personal data is used extensively, it’s ours. But it’s not as straightforward as it seems, because in many cases, we don’t even know ourselves what happens to your data.
Of course, we pass on your details to airlines, such as KLM, so that you can safely board, and KLM can verify your identity. KLM can even send you a text message if your flight is delayed. And if you’re flying with a partner airline, they will also be notified. But you don’t even have to fly with that partner to end up in their systems. In Atlanta, you can only check in online with Delta, even when you’re flying KLM. Will Air France be any different? There are even examples of passengers getting a KLM boarding pass without having booked any part of their journey with KLM.
Let’s take a look at hotel reservation systems. If you book a Marriott hotel through booking.com, where do you think your details are being sent? You haven’t got a clue. And it’s simply impossible to find out. Another example: that friendly hotel in the middle of nowhere. Do you think they have arranged anything in terms of GDPR? And yet, it’s the only place that has a bed for the night. The street is no option, so you don’t really have a choice and will leave your personal data at the hotel.
And what about Global Distribution Systems (GDSs), such as Amadeus, Sabre, and Travelport? Many TMCs and travel agents make use of these large and complex reservation systems to reliably store their customers’ personal data. However, this has some obvious disadvantages. By having your data managed by a TMC’s GDS, you have to rely on the cooperation and technological capacities of these two parties. In addition, your data will need to be regularly updated. People go on a diet, get a new passport, or an extra frequent flyer card. You can’t access your data across platforms. That’s why we believe that you should always stay in control of your own personal data.
To achieve this, VCK Travel has decided to start making use of ‘Profiles’, a new product that not only complies with the PCI DSS security standard for credit card details, but also offers optimum data protection. Contrary to the global GDSs, the Profiles database is located within the European Economic Area (EER) in Switzerland. All data is fully encrypted. Not even our consultants can see any credit card details. This gives you reassurance that the personal details of your travellers are safe. Profiles is ISO 27001 certified.
From now on, your company’s business travellers can manage their own personal data and preferences. Profiles can also be linked directly to your HRM system, which means that a large number of profiles can be added, changed or removed simultaneously. You can even get a reminder when passport or other travel documents expire. If you use Profiles, your company and travellers’ profiles will always be up to date, both online and offline. This web-based solution is very user friendly and does not require any installation.
At the same time, airlines are increasingly promoting the use of NDC (New Distribution Capability). With NDC, flights can be booked without making use of a GDS. By introducing Profiles for our customers, we’re getting ready for the future NDC environment. Independently of the reservation system used, Profiles offers the reassurance of securely stored personal data that can be easily accessed. Profiles is also used by our global network Radius Travel, ensuring a seamless experience for our global customers in all other countries in which they operate.
Your VCK Travel Account Manager will soon contact you to tell you more about the migration to Profiles. If you don’t want to wait for that, you can contact us yourself and request priority treatment for the migration.
Despite GDPR, your personal data are going around the world We don’t think there are many people who don’t remember what happened on 25 May 2018. On that day, the European