How Triptease prepared for GDPR

GDPR PSA: if you're on our mailing list and you no longer want to receive updates about our amazing platform, incredible events or unmissable blog then now is your chance! Unsubscribe here and your inbox will be free of our emails forever.

On the other hand, if you'd love to sign up to receive all that good stuff then you can do so below! You can update your preferences at any time.

How Triptease prepared for GDPR

By this point, you’ve probably seen so many (a) emails about GDPR and (b) jokes about emails about GDPR that you could be forgiven for never wanting to see those four little letters ever again. But, while GDPR fatigue is an all-too-real phenomenon, we hope we can revive your interest for just a little longer as we take you through how Triptease tackled the mammoth process of preparing for the May 25th deadline.

From Marketing, to Operations, to Product, to Tech, we put our teams through their paces in order to ensure our compliance. Read on to find out how we’re making Triptease a truly people-focused organization, from the experience we give them right down to the data we hold.


Early on in our GDPR preparations, we organized a company-wide data mapping exercise. Every department had to map out (a) which types of data they used, (b) how that data was stored, (c) how long it was stored for and (d) whether it was truly necessary to how we do business. This forced us to look at absolutely everything we were collecting, processing and storing as a company and make an informed decision as to its worth.

We were then able to determine in which scenarios we were data processors and in which we were data controllers, and to take the necessary action with regards to each. When Triptease facilitates conversations and bookings between hotel and guest on Front Desk live chat, for example, we are processing the data rather than holding it ourselves. In contrast, when we collect email addresses through our newsletter subscription form we are the controllers of that data.

Of course, GDPR doesn't just apply to the people using our products or reading our emails. As part of Triptease's preparation, our Finance, Operations and Recruitment teams looked into their own internal practices to see what data they were processing and holding.

The data mapping process highlighted to us that there were certain bits of data we could easily anonymize, as there was no added value to us of making that data identifiable. We were also able to identify and halt any superfluous data collection happening in the business, especially in the way our platform operates on our clients’ websites.


While we were always going endeavor to hold ourselves to the highest standards possible, we wanted to ensure that we had an objective input on our GDPR preparations. We invited a cyber security consultancy to carry out an independent audit of Triptease’s GDPR compliance and let us know how we were doing.

We learned a huge amount from the findings of the audit, but the biggest learning of all was the importance of process. We realized that while we were doing everything necessary to process and store our data correctly, there was still room to grow in terms of how we planned to deal with such things as ‘requests to be forgotten’. So, we went away and worked on it, and now have concrete processes in place for when we receive subject access requests from our data subjects.


Our ultimate aim with our entire GDPR preparation process was to give everyone we work with control of their data. We've worked hard to make sure our clients are equipped to communicate how our products work on their website and to ensure those products themselves are collecting only what they need to fulfil their function - nothing more.

We’ve made changes to our products, updated our privacy policy (although who hasn’t…), examined all our third-party contracts and provided clients with a guide to Triptease’s role in the data collection on their websites. If you’d like to find out more about Triptease’s GDPR journey then make sure to email us at with the subject line ‘GDPR’.

It's worth remembering that the 25th May deadline was not 'the end of GDPR'. At Triptease, we'll always endeavor to be as open and transparent as we can when it comes to your data and how we may use it. But we never stop learning, so if you have a question or concern about our GDPR journey then do get in touch.

GDPR PSA: if you're on our mailing list and you no longer want to receive updates about our amazing platform, incredible events or unmissable blog then now is your chance! Unsubscribe here and your inbox will be free of our emails forever.

About The Author

Lily is Head of Content at Triptease. When she's not investigating the industry or spreading the word that #DirectIsBest, she enjoys music, cycling, and obscure radio quiz shows.

Sign up for weekly insights: