In our GDPR series, we explore the impact that these new regulations will have on tour and activity operators.
Best Practices for Tours and Activities GDPR 2018 Series:
Part 1: GDPR and the Travel Industry
Part 2: Data Collection and Privacy
Part 3: Marketing Consent
Part 4: Marketing Lists
Part 5: Policies and Processes
Part 6: Data Retention
Part 7: Workforce Data
Part 8: Privacy by Website Design
Many tour and activity operators updated their websites and privacy policies when the GDPR laws went into effect on May 25, 2018. After this date, any business based in the European Union or any business that has transactions with residents of the European Union must adhere to the strict guidelines and regulations that have been put in place to protect consumer data online.
This is the final installment of the Rezdy blog series on the GDPR and how it impacts the tour and activity industry. We will discuss how to protect consumer data and privacy by website design.
What is Privacy by Website Design?
Privacy by website design is the process of improving the tools and systems that collect data on your website so that all personal information is obtained in a way that is legal, private and safe. Tour and activity operators need to take the time to audit their current website design, and they should use their website design tools to create a privacy-friendly design that will enhance the user experience and help build trust amongst customers.
Best Practices for Privacy by Design
- Always assume that data is private and therefore should be protected. A traveler who is searching your site and providing you with contact information to learn more about your tours should not have to take any additional steps to protect their personal information. It should automatically be protected by your site design.
- Create a privacy impact statement for your website. Ultimately, this document needs to address any potential challenges that could compromise a person’s data while also outlining the steps you would take to protect their data under those circumstances. A privacy impact assessment (PIA) statement should be routinely evaluated and edited based on the current tools and systems your website is using to collect data.
- Get affirmative consent from all site users before collecting their data. This is absolutely necessary in order to be compliant with GDPR laws. You must allow a user to opt in to all data collection programs on their own. The consent box should not automatically be checked for them, and you cannot assume that they consent to data collection simply because they did not say no.
- Remember that site users — or the data owners — have the right to access their data and the right to ask you to remove the data. Your tour and activity website needs to be designed so that it’s easy for you to retrieve data, to provide it to consumers who ask for it and to easily destroy the data when necessary. Note that data cannot be stored for longer than necessary under the new GDPR laws that recently went into effect.
Privacy by design can help streamline your data collection processes and ensure that you remain in compliance with the new GDPR laws. For more information on GDPR and how it affects tour and activity companies, follow the Rezdy blog today.