Practical tourism data protection

The General Data Protection Regulation goes live across Europe in May 2018. Make sure your tourism business is ready.

GDPR for Scottish travel and tourism businesses




Half day

Course code:


Dubbed as one of the biggest shake-ups since the 1998 Data Protection Act, the General Data Protection Regulation (GDPR) is a worldwide requirement for any business holding personal information on any EU citizen.

Every business holding personal data (e.g. names, addresses, contact details, etc) will need to comply with the legislation, but research shows that as many as three in four small businesses aren’t ready.  The potential fines have been sensationalised in the press (€20 million or 4% of annual global turnover, whichever is the greater) – but even this hasn’t driven businesses to act.

This is a simple, straightforward guide to understanding the key changes and how it affect tourism businesses in particular, as they generally handle customer bookings from EU citizens.


It is recommend that Intermediate cyber security for Scottish travel and tourism businesses is completed prior to this course

Delegates will learn how to:

  1. Appoint a Data Protection Officer where necessary
  2. Carry out a Data Protection Impact Assessment
  3. Address data subject rights under GDPR
  4. Meet the technical requirements for GDPR

This is a non-technical course designed for tourism business owners who have advanced needs including the storing of personal information from guests and conference facilities.

Course outline

  • An introduction to GDPR
  • The roles and responsibilities for Data Controllers and Processors
  • The rights of data subjects
  • The DPIA

Your tutor

Your tutor is a 25 year veteran of cyber-security - having been on the front line: designing, building and running secure websites and applications to process business-critical and personally identifiable information (PII) for some of the most cyber-targeted organisations on the planet.

From the German and Japanese car industries, the global diamond industry, international and off-shore finance, through to the UK government - he has been pitched against everything from script kiddies to motivated and well-financed international gangs who have openly contacted clients to annouce that they will be disrupting their operations.

With experience throughout the supply chain, he has worked as both poacher and game-keeper - both setting and delivering against standards such as ISO27001. This has given him a unique insight into the strengths and weaknesses of every part of the value chain from the consuming enterprises, through cloud and managed services providers right down to the micro-businesses and sub-contractors that are often the real providers.

FREE course materials

Comprehensive course notes are available during the session for you to take away with you and share with your colleagues.

FREE course updates

Our course notes are regularly updated because the security landscape is changing every day.  If you sign up to our mailing list as a delegate, you get free access to all future updates by e-mail.

Course fees

All of our training is offered on a not for profit basis and all courses are delivered free of charge. A small contribution towards travel costs and subsistence is normaly requested.

This course is intended for Tourist Boards and Chambers of Commerce to organise and offer to up to 16 delegates in a classroom setting. Other options are available for larger venues and audiences.

Discover Brand:fire

Get an independent view of your cyber security.

Download brochure or Contact Us