With so many emails flooding your inbox recently from different companies, the newly enacted General Data Protection Regulation (GDPR) should need no introduction!

In short, it is a legal framework designed to protect Personal Information (PI) of customers in the European Union (EU). Examples of PI include passport number, date of birth, gender and nationality.

GDPR is important to BusJourney. Here are the measures we’ve taken to guarantee the protection of our customers’ confidential information.

Why GDPR is relevant to BusJourney
BusJourney is helping travellers to book bus tickets online worldwide. With customers across 75 countries, including EU countries, GDPR definitely matters.

As part of the booking process, passengers provide personal information to BusJourney to complete their transaction. BusJourney maintains confidentiality of this information. To achieve this, GDPR BusJourney follows a set of requirements that we have embraced and implemented to strengthen the protection of customers’ data.

By partnering with our valued bus suppliers in countries around the world, BusJourney is able to provide the largest bus route inventory to its customers. Every country has different rules and regulations for bus travel. Consequently, the set of personal information asked during ticket booking will vary from one country to another. For example, in Canada, one bus operator may need only a passenger name, whereas in Argentina, a passenger’s gender, date of birth, nationality, country of residence and ID number (passport or DNI) may be required.

How we are keeping customers safe
BusJourney passes the passenger’s information to its bus operator partner to complete ticket booking under specific contractual provisions. To provide the best customer service, we may also store this information for a reasonable amount of time following the date of departure. After that, the passenger’s information is removed from our systems.

If we think of data protection as an engineering problem, the solution lies in defence via layers. To that end, we follow the guidelines established by the OWASP (or Open Web Application Security Project). The first line of defence is making the information hard to understand by encrypting it before storing it. We increase the protection even further by periodically changing the encrypted content, while being able to decrypt the content correctly when needed. Another mechanism to reduce the risk is to expire and remove sensitive information as soon as it is no longer needed. Finally, we also proceed to remove as soon as possible any personal data if requested by our customers, subject to applicable laws.

Our commitment to customers worldwide
Our customers place their trust in BusJourney when they provide personal information to complete their booking with one of our bus operator partners. BusJourney has always been committed to ensuring that our customers can travel without worrying about the confidentiality of their information.