In order to achieve GDPR readiness and comply with the new regulations effective 25th May 2018, Corporate Travel Management has appointed a dedicated Information Security and Data Protection Officer, who has been working in our business since November 2017. Our DPO is implementing a 12 point plan based on the ICO’s “Preparing for the GDPR”. We are engaging with suppliers to finalise our plans and implement them in good time.
We are rolling out an internal training program, updating our policies and privacy notices, and reviewing contracts with suppliers to ensure that customer requirements are met. Work is underway to ensure that all data subject rights can be fulfilled by our systems, and incident reporting procedures are being updated to GDPR standards.
Corporate Travel Management has PCI DSS Level 3 and is actively pursuing certification to ISO/IEC 27001:2013. We undertake regular penetration testing and ensure that all our staff are trained in, and aware of, privacy and security policy.