GDPR in Travel: The Opportunity.


With the regulation deadline fast approaching there is lots of discussion around what brands need to be doing next to cleanse their data and improve compliance. This has created a wave of panic within the travel industry and with the deadline just months away I thought this would be a good time to reflect on the opportunities it proposes:

  • More valuable data
  • Better data security
  • Enhance the customer experience
  • Build consumer trust
  • Beat the competitors
  • Achieve digital transformation

I’ve broken this down into 4 key areas I feel are the most important to brands. 

#1 Customer Data

In theory, if a business can successfully implement GDPR then their data will be more valuable to the brand because:

  • It will be freely given
  • It will be from customers with a genuine interest in your product/service
  • It will be more valuable to you and the customer, therefore creating a better business-to-consumer relationship

Collection of Data
How brands collect and store this data is a vital step and it’s important to consider the key touchpoints in a typical customer journey when the consumer will leave a digital footprint of some kind:



#2 Improved Security

Brands will essentially use a variety of different technologies and tools across their business which are either collecting, identifying or processing customer data. Under GDPR whilst you might not be in breach, as the Data Controller if you have used a Data Process that then has a breach they will try to pass liability back to the brand; as the controller brands should only be sharing data with sources they can guarantee are free from encumbrances.

Data Sharing
The more customers interact with a website the more data that business is collecting. Travel brands often share this data with other data processes such as email marketing platforms, booking engines, social media platforms, hotels, flight providers and so on for remarketing purposes. Therefore, when you think about where this data might be being shared the flow of data rapidly expands.


#3 Single Customer View

A CRM or Single Customer View tool is a straightforward way of stepping towards GDPR compliance. For many years the idea of a ‘single customer view’ has had huge marketing and user experience benefits but now there is the added benefit of understanding what data you hold, where you hold it and how it has developed over time.

Now, this is something that can be used to better understand your niche, giving you the opportunity to develop your holiday ‘product’ to evolve with your audience’s needs and at a more granular level; personalise it even further.

#4 Trust & Experience

GDPR requires brands to be more transparent about their intentions for data and therefore a new level of consent has to be attained before contact can be initiated. For brands this reinforces the idea of having more valuable data and therefore the opportunity to build better more valuable relationships.

Trusted Privacy by Design
Privacy notices are a vital element of GDPR meaning that brands need to explain who they are, what they do and what they want to do with customer data as well as the ability to be more selective when managing their preferences. It’s also essential that businesses provide information about who this data will be shared with and how to withdraw the data.

Consent in Practice
Consent is one of the six reasons as to why brands can process someone’s data. GDPR tells brands that when they are asking for consent it needs to be on one of the following terms:

  • Unbundled: consent requests must be separate from other terms and conditions. Consent should not be a precondition of signing-up to a service unless it is necessary to do so.
  • Active Opt-in: no pre-ticked boxes.
  • Granular: give granular options separately for different types of processing
  • Named: name your organisation and any third parties who will be relying on the consent given.

Whilst GDPR compliance is a complicated issue that needs to be supported from the top down, in some cases the attitude to compliancy is going to be harder to achieve than the technical aspect.

If brands do embrace this regulation successfully there is a huge opportunity to build open and honest relationships that create lifetime customer value and brand advocates.

If you would like help or guidance with implementing GDPR in your business, please feel free to contact me via and let's discuss how your travel brand can embrace the opportunity that is GDPR!

This blog was originally posted on the Travel Technology Europe Exhibition website on 8th February 2018.

Paul Stephen
Paul Stephen
Co-Founder & Executive Director
With over 25 years in marketing, Paul is one of the UK's leading experts on digital marketing. He oversees the agency and often lectures and consults within the industry on digital and marketing related subjects and has a particular interest and skills in the travel and tourism sectors.

Paul operates nationally and internationally, helping brands to think outside the traditional horizontal and vertical channels and transform their business with creative multi-channel marketing and digital re-invention.
Paul Stephen

Paul Stephen

09 Feb 2018 - 8 minute read
share this

stay in the know, stay ahead.

Get the latest from the agency, including news, events and expert content.
find out what we can do for you
read some of our case studies