Recently, the European Union’s General Data Protection Regulation (GDPR) went live, making it exigent that every business in India dealing with an EU counterpart pledges compliance. The legislation raises the standards of personal data privacy across the world by changing the rules of companies that collect, store or process user information.
For a business like VFS Global, at the individual level, any outbound traveller to any of the Schengen and UK destinations, irrespective of nationality, is now covered under the sweeping data protection and privacy rights regulation.
Barry Cook, Group Data Protection Officer, VFS Global explained that, as of 25 May 2018, businesses dealing in travel and visa facilitation services had to have critically evaluated and reinforced their information management systems to avoid the risk of data breaches, which can now attract heavy fines.
The scope of GDPR is sweeping and encompasses right to access data, modification and erasure, right to object to automate processing or even to restrict processing, among others. It also forbids targeted emails unless there is explicit consent from an individual at the receiving end.
Cook added, “We process millions of visa applications to EU nations from 139 countries world over, and it is imperative for us to put in fool proof systems to abide by the legislation. In general, travel and visa facilitation companies, by virtue of the nature of their business, are heavily exposed to personal data, which means that the industry as a whole needs to have imminent readiness to be GDPR-compliant.”
The law was enacted two years ago while its enforcement across all 28 EU countries came into effect at midnight on 25 May 2018.
“Travel to European destinations from India form a major part of VFS Global’s business, and we have already instituted an array of security measures and internal mechanisms in earlier years to ensure that we are GDPR ready. We are proud to say that, according to a global research, we belong to approx. 15 per cent of companies that are GDPR compliant,” said Barry, adding that VFS Global has always followed a prudent policy not to store user data, and delete it at periodic intervals. Going forward, GDPR will be a global benchmark in privacy standards and we see it as an opportunity to implement world-class data protection policies across the VFS Global operations globally, including 447 Visa Application Centres we operate across India,” said Cook.
He added that the processes and mechanisms VFS Global has triggered to stay within the norms of GDPR include deployment of a state-of-the-art website cookie preference centre that allows users to choose what cookies they want in their browser to creation of a dedicated communication channel for applicants to find out how their personal data is used and to answer their queries.