New data law may make the trip tough for travel sector

economictimes.indiatimes.com:

visa application requirements are grappling with the compliance requirements that could get triggered under the new Digital Personal Data Protection (DPDP) Act.

Significant data fiduciaries will also have to assess implications not just from a compliance standpoint, but the cash flow impact in tax laws as well under the law that came to effect earlier this month, experts said.

The travel and hospitality sector has traditionally had access to a lot of customer data which could all come under scrutiny now.

«Companies need to take explicit user consent before user data is used under the new law, and the travel and hospitality sector will see a lot of digital transformation. Because of some of the physical touch points and points of sale, companies are grappling with sensitising their front desks on the matter.

As much as possible, hotels will now have to ensure that user data is digital and there are paperless check-ins and reservations. If you look at loyalty programmes, there's a lot of cross selling and upselling that happens through data,» said Mini Gupta, technology partner, EY India.


«The sector has a third-party ecosystem and companies are looking at minimising data exposure to third parties.

Visa processing firms have access to critical data. International companies that are GDPR (General Data Protection Regulation of the European Union) compliant will have to look at other elements such as seeking multilingual consent and would need a data protection officer stationed in India if they qualify as significant data fiduciaries,” she added.Rahul Garg, managing partner at tax and regulatory consultant Asire Consulting, said significant data fiduciaries in the sector would have to assess the kind of major implications it