In our GDPR series, we explore the impact that these new regulations will have on tour and activity operators. Easily navigate to the following pages:
Best Practices for Tours and Activities GDPR 2018 Series:
Part 1: GDPR and the Travel Industry
Part 2: Data Collection and Privacy
Part 3: Marketing Consent
Part 4: Marketing Lists
Part 5: Policies and Processes
Part 6: Data Retention
Part 7: Workforce Data
Part 8: Privacy by Website Design
In May 2018, the General Data Protection Regulations went into effect for all members of the European Union, and the regulations are applied to any organization who processes personal data. Naturally, these new laws will have a significant impact on the travel industry and on the way that tour and activity operators across the globe do business.
Understanding the General Data Protection Regulations (GDPR)
The GDPR is a set of data protection laws that went into effect on May 25, 2018, requiring all members of the European Union and all companies that do transactions with European Union residents to adhere to the new guidelines and regulations. The purpose of these laws is to protect consumers and to prevent data from being compromised during the process of an online transaction. For tour and activity operators, as well as any other business owner in the travel industry, these laws can have a big impact on the way that they do business. Tour and activity operators have long relied on data collection in order to improve their marketing strategy, increase their bookings and enhance their tour offerings. It should be noted that as these new laws went into effect, a large enforcement agency also was created in order to monitor compliance. Those who do not comply with the GDPR laws will face crippling fines.
Read more: Marketing 101: How to Retain Customers for Tour Operators
Types of Personal Data
Personal data may be defined as:
- Name or identification
- Contact information such as a phone number or e-mail address
- Financial information
- Photographs or videos
- Social identification or cultural background
- Biometric data
- Health records
- Employment records
- Data related to a child or a dependent
Specific Issues that Tour and Activity Operators Should Address
- Data Collection and Privacy — Your company will have to provide notice about data being collected and how that data is being handled. Privacy notices must adhere to new guidelines.
- Marketing Consent — Digital marketing has become commonplace, but the GDPR requires companies to ask for consent now prior to delivering digital marketing content.
- Marketing Lists — Any third party that you utilize to acquire marketing lists also must be in compliance with GDPR, or you could face penalties under the new regulations.
- Policies and Processes — You will need to have a data collection policy in place that complies with the new laws, and that policy must be accessible. All of your customers must have the opportunity to opt out of any data collection program.
- Data Retention — All tour and activity operators need to review their data retention methods and evaluate the data that they currently have stored. Any individual who has not provided consent for data retention must have all of their data destroyed once they have completed their experience with your company.
- Workforce Data — The GDPR also provides guidelines for how you collect and store your employees’ data. There are new regulations in place for the types of data that you can collect from your staff and how long you can retain that data.
- Privacy by Website Design — You need to evaluate your website design and confirm that all processes for data collection are in compliance with the new regulations. Your website should feature a privacy-friendly design.
To provide tour and activity operators with reliable information about the new GDPR laws and how they apply specifically to the tour and activity industry, Rezdy has developed a series of articles about this topic. Follow the Rezdy blog for more information.