GDPR & the Local Travel Industry – Daily Mirror

Sri Lanka Association of Inbound Tour Operators (SLAITO) in collaboration with organised a GDPR awareness summit to all its members & the hotel community (THASL) on the 11th of July 2018 at the Lakshman Kadirgamar Institute in Colombo.

This summit is part of the ongoing exercise undertaken by SLAITO to educate the local industry on the new European General Data Protection Regulation that came into effect on the 25th of May 2018.

With over 35% of inbound travelers originating from the EU, Sri Lankan Tour Operators and Hotel Operators should follow this data protection regulation” said Haritha Perera – Chairman of SLAITO.

He emphasized that since this is something new to the industry, it will be a long and tedious journey for Operators to be compliant due to the existing business practices. But said, it is essential we follow the guidelines for the future of the industry and that we immediately start the process to be compliant.

The guest speakers included Ranjika Manamperi – CEO of, a Cyber Security company specializing in cyber risk management and GDPR compliance solutions to the travel industry, presented GDPR implementation guidelines covering the local tour and hotel operators.

Ranjika spoke to the applicability of GDPR to the Sri Lanka Travel Industry.  If your organisation directly or indirectly markets travel services to EU based travellers and or if your organisation is part of EU based company and or if you carry out DMC services on behalf of a travel company that targets EU based travellers, your company will come under GDPR scope, she said.Ranjika also stressed that implementing GDPR includes changes and improvements to operational processes, supplier relationships, technology and staff awareness. “GDPR is an ongoing process in your organisation. It requires a cultural shift in handling personal data and data security” she said. Ranjika also emphasised to local companies to pay attention to the data protection and liability clauses incorporated in vendor and B2B agreements.

Samantha Simms, an information law attorney from UK, who is the founder of The Information Collective, spoke about the need to protect customers personal information and the impact to Organisations when a data breach does occur.  Due to the myriad number of partners involved in providing travel solutions it can be challenging to control what happens to customers information when its transferred onwards.  She stressed that under GDPR your accountability to protect that information doesn’t end after the information is transferred but you have an accountability to ensure that your partners handle the same information securely and notify you in the event of a data breach.  She also raised the need to simplify privacy and data protection to enable global organizations to turn legal compliance such as GDPR into commercial opportunities.

Following the presentations, there was a panel discussion moderated by Dayan Gunasekera comprising industry experts namely Sanjeewa Anthony (THASL), Upali Rathnayake (Sri Lanka Tourist Board) Harith Perera (SLAITO), Hasitha Gamage (Sudath Perera law firm), Ranjika Manamperi (Secur Matic) and Samantha Simms (Information Collective). SLAITO and THASL members posed many questions and clarifications pertaining to GDPR on a macro and micro level.

  • neither liable nor responsible for any information / contents published in this article

Full details are available from the link below:

Source URL: Travel – Google News

Leave a Reply

Note: Comments on the web site reflect the views of their authors, and not necessarily the views of Requested to refrain from insults, swearing and vulgar expression. We reserve the right to delete any comment without notice explanations.

Your email address will not be published. Required fields are signed with *