The new EU law that came into effect on 25th May 2018 which governs your responsibilities regarding EU citizens’ personal data.

Don't ignore it 

In summary it means:

  • You should not keep anyone’s personal data longer than is reasonable
  • You should know how you acquired that data
  • You should know what data is stored where, how to get to it and how to delete it
  • All your staff should know about it

You need to be ready for a “GDPR Subject Access Request” – that’s when someone asks you what data you have on them; you need to be able to show them exactly what you have. If they ask for you to remove it, you should be able to, and you should have a procedure in place on how to do it, of which all your staff are aware.

We have had meetings with specialist travel lawyers about GDPR and so have a good idea of what’s involved. It’s actually not as bad as it sounds.