Every year on April 22nd, Travel Agent Day is celebrated. Brazil is a country full of tourist attractions, receiving numerous visits from foreigners or Brazilians seeking new destinations. Like other sectors that handle personal information, travel agents need to be aware of and comply with the General Data Protection Law (LGPD).
For this reason, it's important to consider that travel agencies request a lot of information to ensure registration and the completion of the purchase of a certain type of travel package. trip, for example.
Having said that, we will discuss the LGPD (Brazilian General Data Protection Law) in the tourism sector. We will begin with simple data, which serves to identify the stakeholders.
What data is most commonly collected by tourism companies?
Among the most common personal data in the tourism industry are:
- Full name, address, date of birth.
- Contact information: email address, phone number.
- Payment Information
- travel history
And so on… Other health-related information may be requested, aiming for greater accessibility and assistance from the company.
How does the LGPD (Brazilian General Data Protection Law) apply to the tourism sector?
Initially, it's necessary to understand which areas of the company involve data processing. Therefore, professionals who are fully involved need to be knowledgeable about the law and aware of ethical, moral, and confidential usage.
Having identified these, these are the strategic points that require investment. Conduct assessments with professionals in the field to test your structures, identify vulnerabilities, and adopt technologies that can help ensure data confidentiality, especially data that could compromise clients.
In this way, the company can act preventively by adopting necessary measures to minimize the risk of data breaches. Similarly, it ensures greater security by using technologies that protect customer information.
It's worth noting: risks will always exist. One of the goals of the LGPD (Brazilian General Data Protection Law) is to make them less frequent. As a result, every company should have a prepared incident response plan for security incidents, the so-called "contingency plans." In this way, they serve to prevent damage from occurring on a larger scale.
Practical tips for travel agents to stay compliant.
Moving on to your clients' questions. Consent is a key word and can be revoked at any time by the data owner. Now, you might ask yourself: what is consent? In short, it is a statement by the data subject, representing agreement on how personal data will be processed, given its explicit purpose.
It is essential that you have trained support staff to handle communication issues related to data request processes. In other words, the support agent must know that the data subject may request the revocation of consent, changes, or deletion of personal data. Communication will be a key element between the teams.
Speaking of communication, transparency is another concept that appears in every article of the LGPD (Brazilian General Data Protection Law). That is, the principle of transparency guarantees data subjects clear, precise, and accessible information about the processing of data and the respective data controllers. Issues of this type are present in privacy policies, which must include the aforementioned guarantees.
