How Sabre and Amadeus Are Dealing with New EU Privacy Rules

by Daniel McCarthy
How Sabre and Amadeus Are Dealing with New EU Privacy Rules


The new European Union General Data Protection Regulation (GDPR), which will officially go into effect on May 25, two years after being adopted by European Parliament, will impact businesses both inside and outside of Europe, including travel agencies around the world.

Two of the largest distribution systems in the world, Sabre and Amadeus, spoke with Travel Market Report about what this means for them and what agents should know about the GDPR and how it impacts their GDS dealings going forward.

“Sabre takes privacy and data protection very seriously,” Sabre Data Privacy Officer David McKinney told Travel Market Report.

According to McKinney, Sabre has formed a “cross-functional project team and dedicated significant global resources” to deal with the implementation of the new rules. That includes adopting new legal requirements that will satisfy new GDPR requirements, and putting out new customer and supplier contracts to address the new rules.

“Where necessary, we have refined our system capabilities to accommodate new data subject rights request and revised in-scope policies," McKinney said. "We monitor the evolving regulatory landscape and will implement additional changes as appropriate.”

McKinney explained that Sabre has also put together a new website that will answer questions from customers about the new rules, including how Sabre is training its own employees on the GDPR, and a new dedicated email address to answer questions and concerns from customers.

Amadeus, which serves more than 195 countries on more than 948 million key billed travel transactions each year, said that it will comply with all GDPR rules on its hospitality website.

“Amadeus will comply with the contractual obligations it has with Customers and with direct responsibilities it may have as a Data Processor under the GDPR, this will include ensuring the appropriate organizational and technical measures in place to protect the Personal Data,” its website reads, though it says that it cannot confirm that any of its products or services are compliant.

Amadeus released an enhancement to its e-ticket and itinerary documents earlier this year that will enable its customers to be compliant with the IATA GDPR mandate (

Broad advice for travel agents
Sabre's McKinney said that the new rules are “a concern for North American travel agents who target customers who are EU residents,” though Sabre is “not in a position to provide legal advice or to advise what actions are required by our customers.”

He provided Travel Market Report with a brief overview of what the GDPR requires, which includes that “data considered ‘personal’ must be protected and processed only as permitted; access to this date is controlled and restricted contracts with third-party processors must contain certain specific terms,” and more.

He also pointed out that some larger agencies that have a lot of European clients, may need to look to outside help or add a member to their team, McKinney said.

“Because the GDPR is complex, some companies will require the appointment of a data protection officer … we recommend that companies review the requirements of the GDPR and decide if they need to speak with their legal counsel to determine its applicability to their business,” he said.

For agencies that do not have the ability to look to counsel or outside help, there is a one-hour presentation on the new rules available here that Sabre also recommends.

Amadeus told Travel Market Report that, “it is of crucial importance for travel agents to understand their role under GDRP, as it might have repercussions in the way they work or operate.

“The role that travel agencies have under GDPR will need to be determined by each of them depending on the services they provide. It is likely that travel agencies and other travel suppliers such as airlines, hotels and car rental companies (travel providers) will be considered as data controllers for the majority of processing activities.”

A data controller is the party that determines the means and purpose of the processing of the personal data.  

According to Amadeus, agents “need to consider how they want that personal data to be processed, especially when working with third-party providers.

“The travel agency should ensure there are written agreements – data processing agreements – with these data processors, to make sure their standards and security measures to protect the personal data and other requirements under the GDPR are met,” the spokesperson said.

TMR Recommendations
Top Stories
The Travel Corporation Launches New Multi-Brand Loyalty Program

The program helps agents reward loyal customers with a 5% discount on all of the TTC brands — Trafalgar, Costsaver, Insight, Luxury Gold, Uniworld, U River Cruises, and Contiki.

AmaWaterways Rolls Out New Webinar Series for Travel Advisors

Webinar Wednesdays are designed to provide advisors with essential knowledge about its cruise products and tips on attracting new-to-river-cruise luxury clients.

Bahamas' Warwick Resort Offers Agents Third Night Free

Agent rates at the all-inclusive resort start from $280 per room per night.

Amadeus Launches Updated Version of Web Service with NDC

The company’s latest version of its web services solution, Amadeus Travel API, will provide travel agencies with worldwide access to new content and fares through NDC.

American Airlines Expands Support Team for Travel Advisors

The airline announced it will increase staffing for its dedicated sales support team by 50% to provide better service for travel professionals.

Travel Institute Aims to Streamline Education Standards

New digital credentials tool offers third-party confirmation of CTA, CTC, and CTIE certifications for travel agent course graduates.

News Briefs
Tip of the Day

As travel advisors, we have to be curious. Curiosity leads to impactful connections that pave our road to success. - Jenn Lee, VP of Sales and Marketing, Travel Planners International

Daily Top List

Tips for Reaching $1 Million in Sales

1. Be consistent in your marketing.

2. Create systems and follow them.

3. Use your consortium’s marketing services.

4. Listen for personal details and use them.

5. Leverage your CRM.

Source: TMR

TMR Outlooks
Advertiser's Voice
AmaWaterways - Christmas Markets