What is GDPR?

New EU regulations surrounding the collection and use of the personal data and information of EU citizens comes into effect on May 25, 2018. The regulation seeks to give greater control to individuals over the data collected and processed by organizations, and gives EU citizens control of their digital data by empowering them with the right to know when personal data is being collected, the purpose for collection the right to purge it upon request.

We also give and overview of GDPR in more detail here and detail what Zaui is doing to prepare for GDPR.

GDPR Checklist for Tour, Activity & Transportation Companies

We’ve got your GDPR bases covered as far as your use of Zaui goes. However you need to think about GDPR in the context of your entire operation.  Below is a checklist for tour, activity and transportation operators to help you get ready for the coming legislation.

Please note that this information is not legal advice. If you have any questions about how the GDPR legislation affects your business, you should consult with your attorney.


Identify Who is responsible for the data.

This is key role in ensuring that rules are being followed when handling the data.


Identify What personally identifiable information you collect and process.

This includes items such as name and address, telephone numbers, date of birth, passport number and banking information.


Identify Where this information is held.

Where do you collect and store personal data? Outside of your Zaui Reservation System this might be in a CRM system, in newsletter subscription programs you use to communicate with your customers or via cookies you collect on your website. Keep in mind that your employee’s data also counts!


Consider the reason Why you process it.

Is all of the information you collect necessary for the provision of your service or is some of it just nice to know? Consider reducing the amount of information you collect.

Note for Zaui users – customers automatically give their consent when they book to receive communications from you based on their booking transaction, reservation confirmation, edit or cancellation notices, pre-tour communications and post-tour follow up emails.
You will need to ask for specific consent to guests to sign up for newsletters and loyalty programs etc.


Enable a Cookie Policy alert on your website.

Some great information about this and how to implement it is found here.

Ensure that all your sign up forms contain a consent checkbox.

You need to ask your contacts permission to process their personal data and clearly describe for what purpose you will use it. By ticking the consent checkbox, people agree to the collection of their data. Learn how to do this in Zaui.

Have a means for users to request to remove the data you have collected on them.

Learn how to do this in Zaui (zendesk). In addition, make sure it is easy for your users to opt out of communications as easily as they opted in. Include an unsubscribe link in your communication emails to give them this option at any time.

Review your Privacy Policy.

Make any changes to your privacy policy required to meet GDPR standards. If you don’t have a privacy policy, now’s the time to create one. There are many free resources available to help you get started. Try a web search for “privacy policy template GDPR”. Once you have updated/created your privacy policy, make sure it is available and/or you link to it in all places you process personal data:
– Your website
– Your online booking portals in Zaui
– Any other forms where people may sign up for information or services

Train your team about GDPR.

Ensure everyone on your team who handles personal data knows about GDPR and what you are doing to become compliant.