By Ian Pellicano on 2018, July 25

How GDPR affects the way travel insurance companies accept credit cards online

By Ian Pellicano on 2018, July 25
How GDPR affects the way travel insurance companies accept credit cards online

The General Data Protection Regulation came into effect in the European Union on May 25, 2018, to set out clear compliance rules with regards to the collection, processing and storage of people’s personal data.

This has affected all businesses around the world, and the travel insurance industry is no exception. The fundamental tenet of this legislation is that companies cannot store credit card details of customers for longer than is necessary.

Accepting and storing credit card and online data

Travel insurance is a very particular case in relation to the storage of credit card details. If a shoe retailer sells a product to a customer, the scenario is clear-cut.  A client submits his or her details online and, once the product has been delivered, the seller should theoretically delete all data provided.

Things are not however as straightforward when travel insurance is being purchased.  Data cannot simply be deleted once a purchase has been made since a customer might come across an issue whilst travelling, meaning that you, as the provider, would need details on record for reference if something happens like loss of luggage, delayed or cancelled flights, and so forth.

It can get a bit more complicated. When individuals travel, their insurance covers the trip from departure to return date.  Unforeseen circumstances may arise, even at the very last few minute of their journey, therefore personal data and details submitted cannot just be deleted. These need to be held on to until the traveler returns home and the time window for lodging claims has expired.

It’s not just credit card details

Given the nature of the business, travel insurance firms traditionally held onto client details because customers are creatures of habit and usually return to the same company when they want to travel again.

The reality is that most travel insurance buyers would probably not mind that their details are kept on record, but the new regulations simply don’t allow it, and this is where culture change is necessary.

It is perfectly acceptable for travel insurance firms to keep their client data on file, but you cannot cut corners and store their financial transactions on your database.  As soon as it is logically feasible to remove credit card details, this must be done, even if it results in the cumbersome process of having to re-enter and re-process them again when a new purchase is made.

Unfortunately, travel insurance firms must comply with the new regulations, even if it means eating into both the customer and seller’s time.

The bottom line is that as soon as the deadline for submitting claims has expired, you, as the seller, are obliged to purge all credit card information and start afresh if a new policy is purchased again further down the line.