Jamaican operators fall in line with European data law
Jamaican companies with interest in the European market and players within the tourism industry are sanguine that they took the required action to comply with the General Data Protection Regulation, (GDPR), which went into effect on May 25.
The new European law puts limitations on how companies collect, use, and share people's data, and threatens fines of as much as four per cent of global annual revenue for non-compliance.
GDPR demands that companies secure consent from users before collecting any data, and requires them to notify regulators and affected individuals of any breaches of security.
It is expected that any company, globally, which interfaces online with residents within the European Union, a block of some 508 million people, will be affected.
One Jamaican businessman sees opportunity in the law, saying it offers a chance for businesses to more properly define their market targeting strategies.
GDPR is effectively "a huge favour" to businesses, which now only need to "communicate with persons that actually want to hear from them," said CEO of Audience Data Strategies and immediate past president of the American Chamber of Commerce in Jamaica, Ronald McKay.
For GraceKennedy Limited, a large conglomerate, which earns 15 per cent of its revenue from Europe and the United Kingdom, it expects nil disruption to its operations.
"GraceKennedy has a subsidiary which operates within the European Union, known as Grace Foods UK Limited. Our team in the UK has taken action to comply with the General Data Protection Regulation requirements," said Group CEO Don Wehby.
"Further, we recognise that the GDPR has substantial similarities with the Canadian Personal Information Protection and Electronic Documents Act and the draft Jamaican Data Protection Act, so we are using the changes being implemented in the UK to strengthen compliance wherever we operate," Wehby told the Financial Gleaner.
GraceKennedy's key European markets are Germany, Holland, France and Italy, but the group also plans inroads into Spain this year.
"Given our compliance, we do not expect any significant impact on our business and trading relationships, and we wish to affirm our support for protecting the personal information of our suppliers, customers, consumers and employees," Wehby said.
Meantime, members of Jamaica Tourist Board, JTB, team are currently in training to complete their ISO certification in GDPR, according to Director of Tourism Donovan White.
Europe is a growing market for Jamaica, accounting for a record 325,804 tourists last year, approximately 31,000 more than in 2016. The top markets in Europe are the UK, Germany and Italy.
White, who also heads the JTB, says the type of marketing activity pursued by the tourism agency and local operators gives them limited exposure to the new law.
"With regard to tourism, the current thought is that there will be minimal impact on the marketing activities as the vast majority of Jamaican tourism stakeholders are involved in business-to-business marketing, as opposed to business to consumers," said White.
It is the "in-market companies" such as tour operators who tend to store consumer data, he said.
Still, White is advising that all local companies in the trade take note of the new data protection requirements and adjust their practices regarding engagement with Europeans.
"All on-island tourism entities need to ensure that consumers grant permission for any collection of data for example, credit card information, birth days, home addresses, marital status, next of kin and on departure, must be able to demonstrate that the information is deleted. If the information is to be kept, consumers must know how the data is to be used in the future," the tourism director said.
In circumstances where the tourism operator needs to contact clients or guests at a future date, those consumers must be asked to sign an agreement saying they are willing to be contacted. "And if there is a breach, entities are obligated to advise consumers within 72 hours of the breach," he added.
The JTB itself does not communicate directly with European consumers, but does business through third-party marketing agencies that themselves have to be GDPR compliant.
"Notwithstanding, the JTB is ensuring that as a company, we are in compliance with the GDPR, and will help to ensure Jamaica tourism entities are aware of the requirements as it relates to marketing and the handling of consumer data," he said.
GDPR 2018 is a replacement of the EU's Data Protection Directive which was adopted in 1995. GDPR outlines the responsibilities of organisations, with the aim of the privacy and protection of personal data, and the movement of such data.
McKay also sees an opportunity for marketers in the new law.
"As the 25 May deadline for GDPR has now come and gone, most people I've been in contact with over this past weekend have asked why are their in boxes being flooded with frantic emails requesting them to give their consent to companies in order for these companies to keep contacting them. My answers surprised many of them," he told the Financial Gleaner.
"GDPR once and for all forces companies to truly engage with only the people that want to be engaged. On the flip side, the audience finally has the opportunity to tell the business world what they want to hear about, how they want to hear about it, how often and when. The result is a paradigm shift in all facets of how to, who to and with whom will marketing be targeted," he said.