In our GDPR series, we explore the impact that these new regulations will have on tour and activity operators.Best Practices for Tours and Activities GDPR 2018 Series:Part 1: GDPR and the Travel IndustryPart 2: Data Collection and PrivacyPart 3: Marketing ConsentPart 4: Marketing ListsPart 5: Policies and ProcessesPart 6: Data RetentionPart 7: Workforce DataPart 8: Privacy by Website DesignTour and activity providers have discovered that data is the key to customizing their products, growing their business and increasing their bookings. However, with the new GDPR laws in place, most tour and activity companies are going to have to change the way they think about data and adjust their data collection policies and processes.The GDPR went into effect on May 25, 2018, and it’s going to be strictly enforced. Businesses who are based out of European Union states as well as businesses who have customers who reside in the European Union must be compliant with the regulations. Rezdy has developed a blog series that discusses the various aspects of the GDPR and how it will impact the tour and activity industry. Data retention, in particular, must be looked at.What is Data Retention?When data is collected by a business and then subsequently stored for future use, that is considered to be data retention. The key thing to note about data retention and GDPR is that businesses cannot simply change their data retention policies and processes moving forward. They have to evaluate all data that is currently stored in their system and verify that it is in compliance with the GDPR laws.Read more: 4 Ways Travel Brands can Stay Relevant in Data-Driven IndustryBest Practices for Data RetentionAudit your existing data and determine how long you have been retaining this personal information. The GDPR requires businesses to retain data for no longer than required for the purpose of the data, which means that a lot of your older data that is still being stored will likely need to be destroyed. You may also need to retroactively seek permission to retain the data that you have for your business.Create a data cleansing policy. The data cleansing policy should outline clear and concise procedures for storing and subsequently destroying data once it has been used for its intended purpose. All of your staff members should be aware of the data cleansing policy, so that it can be properly enforced. In addition, you need to provide your data cleansing policy to your customers.Seek consent for all of the data that you collect. Previously, you likely were able to assume that your customers would consent to your data collection programs. However, the GDPR now requires customers to affirmatively consent to having their data collected by a business.Prepare documents that you can provide the regulator to prove that you are in compliance with your data retention policies and procedures. This may take a significant amount of time now, but you will be glad that you are prepared in the event that a regulator asks you for proof.Data retention is a pivotal part of your tour and activity business, and can help you create the right products for your target market segments. To continue learning more about data retention and other aspects of your business that will be impacted by the GDPR, follow the rest of our Rezdy blog series on this topic.