The European Union's new General Data Protection Regulation (GDPR) makes you legally accountable for what happens to the personal data that you receive. This article includes some clear steps on what to do to comply.
The definition of "personal data" covers just about every piece of client information that a travel agency or other travel business gets: "'Personal data' means any information relating to an identified or identifiable natural person ... an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person."
Since you may be getting personal data from EU individuals you are going to target, you have to do these things:
First, make sure all of your staff is aware that personal data must be protected. Have them sign confidentiality agreements or policy statements, and prohibit transfer of personal data out of your office unless specifically authorized by a contract with a data processor.
Get the full story at Travel Weekly