The European Union’s General Data Protection Regulation (GDPR) went live recently, making it exigent that every business in India dealing with an EU counterpart pledges compliance. The legislation raises the standards of personal data privacy across the world by changing the rules of companies that collect, store or process user information. VFS Global, at the individual level, any outbound traveller to any of the Schengen and UK destinations, irrespective of nationality, is now covered under the sweeping data protection and privacy rights regulation. Barry Cook, Group Data Protection Officer, VFS Global explained that, as of May 25, 2018, businesses dealing in travel and visa facilitation services had to have critically evaluated and reinforced their information management systems to avoid the risk of data breaches, which can now attract heavy fines. The law was enacted two years ago while its enforcement across all 28 EU countries came into effect at midnight on May 25, 2018. The scope of GDPR is sweeping and encompasses right to access data, modification and erasure, right to object to automate processing or even to restrict processing, among others. It also forbids targeted emails unless there is explicit consent from an individual at the receiving end. “We process millions of visa applications to EU nations from 139 countries world over, and it is imperative for us to put in fool proof systems to abide by the legislation. In general, travel and visa facilitation companies, by virtue of the nature of their business, are heavily exposed to personal data, which means that the industry as a whole needs to have imminent readiness to be GDPR-compliant,” Cook said.
Read More »