Compliance Management

To enable and configure these settings, go to the Travel Content area and select Compliance Management. You will be given the option to configure your consent settings for CCPA or GDPR. These instructions will cover the GDPR setting options.

GDPR Administration

Explanation of options given:

  • No: Will not display additional consent settings from the admin interface. Your consumer site will be updated to include a disclaimer to the applicable NexCite form pages (see here for list of pages) that "This form is not intended for persons within the European Economic Area or United Kingdom. If you are within one of these regions, please contact us directly for assistance."
  • Yes: Will display additional consent settings that can be configured for use with your site.


Privacy and Data Use Policy

Additional language will be applied to the applicable form pages indicating: "The data submitted in this form will be used to fulfill this request. For more information about how we protect your data, please review our Privacy Policy." The words "Privacy Policy" will link to your privacy policy.

  • Edit Privacy Policy: used to edit or add your privacy policy. If a change had been made to the privacy policy, this page will also indicate the date and time of when it had last been updated. Your privacy policy will display first followed by the Passport Online privacy policy. The Passport Online privacy policy is not editable.
  • View Privacy Policy: Used to view how the current privacy policy will look for consumers.


Consent Notification

Use this to assign which email address will receive notification of changes to consent by your users. This will allow you to immediately know when a user has withdrawn consent to participate in additional processing of their data. You will also be able to run a report to view consent withdrawals.

Your customers will be able to submit a consent withdrawal form through your privacy policy page or from the different applicable form pages.


Manage Consent Items

Consent Items are used to add the consent language that you want a user to agree to when submitting their personal information. Use the Manage Forms to assign which form pages you want your Consent Items to show on.

When creating a new Consent Item, the Internal Name will show only within the internal Compliance Management area. The Consent Text will display on your consumer site along with a checkbox. See below for an example.

Note: Consent Items cannot be edited. You can, however, delete an item and re-add it with your desired changes.


Manage Forms

You will be able to select which form pages to show your Consent Items on.


Example Consent Item as Displayed on the Newsletter Form Page

After selecting Add New Consent Item under the Manage Consent Items, the following was entered:



Under the Manage Forms section, the Manage button was selected for the Newsletter and the Third-Party Marketing Emails consent item was checked to be included on that page:



The Newsletter form page will now be updated to show the consent item if the customer selects that they are from within the European Economic Area or the United Kingdom:




GDPR Activation

Explanation of options given:

  • Yes: Will take your compliance settings live
  • No: Will let you continue to work on your compliance settings but will not show the consent items on your site.


Pages/Forms that Are Affected by Compliance Management

  • Newsletter
  • Trip Request
  • B2C Booking (if Tandem is enabled)

Frequently Asked Questions about GDPR


What is GDPR? GDPR is a set of regulations regarding the collection and use of personal data, among other requirements. You can read the entire regulation here. However, to understand it better, there are a variety of articles summarizing the requirements that have been written by experts. Performing a Google search for "GDPR for Travel Agencies" will provide several good summaries.

Am I subject to GDPR requirements? Generally speaking, if you do not do business with EU and UK citizens, you are not subject to GDPR. However, you should seek the legal advice of your own to be sure. The rules and requirements for GDPR compliance are substantial, and should not be taken lightly. Industry trade groups are publishing helpful guides and conducting webinars that we highly encourage you to attend.

Can you help me become GDPR compliant? Unfortunately, no. GDPR compliance can be complex and may require changes by your company that go far beyond your website or booking engine. They may require new company policies to be written and new ways of working. This isn’t something that Passport Online can advise your business on.


The materials in this article are for informational purposes only and not for the purpose of providing legal advice. You should contact your attorney to obtain advice with respect to any regulatory questions. Inclusion of any links to third party sites or opinions within this article does not constitute an endorsement of the accuracy or applicability of that third party data.