New releases

GDPR & Our Continued Commitment to Customer Privacy

With so many emails flooding your inbox recently from different companies, the newly enacted General Data Protection Regulation (GDPR) should need no introduction!

In short, it is a legal framework designed to protect Personal Information (PI) of customers in the European Union (EU). Examples of PI include passport number, date of birth, gender and nationality.

In this blog post, we’ll discuss why GDPR is relevant to Busbud and, most importantly, the measures we’ve taken to guarantee the protection of our customers’ confidential information.

Why GDPR is relevant to Busbud

Busbud is helping travellers to book bus tickets online worldwide. With customers across 75 countries, including EU countries, GDPR definitely matters at Busbud too!

As part of the booking process, passengers provide personal information to Busbud to complete their transaction. Busbud maintains confidentiality of this information. To achieve this, GDPR prescribes a set of requirements that Busbud has embraced and implemented to strengthen the protection of customers’ data even further.

By partnering with our valued bus suppliers in countries around the world, Busbud is able to provide the largest bus route inventory to its customers. Every country has different rules and regulations for bus travel. Consequently, the set of personal information asked during ticket booking will vary from one country to another. For example, in Canada, one bus operator may need only a passenger name, whereas in Argentina, a passenger’s gender, date of birth, nationality, country of residence and ID number (passport or DNI) may be required.

How we are keeping customers safe

Busbud passes the passenger’s information to its bus operator partner to complete ticket booking under specific contractual provisions. To provide the best customer service, we may also store this information for a reasonable amount of time following the date of departure. After that, the passenger’s information is removed from our systems.

If we think of data protection as an engineering problem, the solution lies in defence via layers. To that end, we follow the guidelines established by the OWASP (or Open Web Application Security Project). The first line of defence is making the information hard to understand by encrypting it before storing it. We increase the protection even further by periodically changing the encrypted content, while being able to decrypt the content correctly when needed. Another mechanism to reduce the risk is to expire and remove sensitive information as soon as it is no longer needed. Finally, we also proceed to remove as soon as possible any personal data if requested by our customers, subject to applicable laws.

Our commitment to customers worldwide

One of Busbud’s values is “going places”, as we help people around the world to travel by bus to reach their next destination. Our customers place their trust in Busbud when they provide personal information to complete their booking with one of our bus operator partners. Busbud has always been committed to ensuring that our customers can travel without worrying about the confidentiality of their information.


Photo by Markus Spiske on Unsplash