Data has always been useful, but in an analogue world it was expensive to gather. In a digital world, it is infinitely easier to collect, combine and then mine with AI.

Google, Facebook and other social companies have become a dominant oligopoly by collecting data-by-stealth and thereby controlling global advertising and more with their data-based business model.

The advent of GDPR has brought this oligopoly under a spotlight, but other organisations who have shared BigTech’s addiction to customer data are finding it a tough habit to control.

This is particularly true for brands that have relied on collecting customer data to build profiles to personalise customer experiences, such as those in retail or the travel sector. Recent high profile fines however are a stark reminder that addictions come with risks attached.

Google itself was the first to come under fire when they were fined EUROS 50 million by France’s data protection supervisory authority – CNIL – for lack of transparency, inadequate information, and lack of valid consent regarding personalisation of ads.

In the UK the ICO recently slapped British Airways with a proposed fine of £183m for a breach of customer data, and the very next day, a second culprit was exposed. The ICO announced that it intended to impose a £99 million fine on hotel chain Marriott for failing to protect personal data contained in approximately 339 million guest records.

These serious breaches serve as wake-up calls for all companies, big and small, and particularly those travel brands who need to seriously re-visit their fundamentally flawed websites and CRM systems.