GDPR Checklist for Tour, Activity & Transportation Companies

GDPR Checklist for Tour, Activity & Transportation Companies

What is GDPR?

New EU regulations surrounding the collection and use of the personal data and information of EU citizens comes into effect on May 25, 2018. The regulation seeks to give greater control to individuals over the data collected and processed by organizations.

For more information, we give and overview of GDPR in more detail here and explain what Zaui is doing to prepare for GDPR.

GDPR Checklist for Tour, Activity & Transportation Companies

We’ve got your GDPR bases covered as far as your use of Zaui goes. However you need to think about GDPR in the context of your entire operation.  Below is a checklist to help you get ready for the coming legislation.

Please note that this information should not be considered legal advice. If you have any questions about how the GDPR legislation affects your business, you should consult with your attorney.

Identify Who is responsible for the data you collect

This is key in ensuring that rules are being followed when handling the data.

Identify What personally identifiable information you collect and process

This includes items such as name and address, email, telephone numbers, date of birth, passport number and banking information.

Identify Where this information is held

Where do you collect and store personal data? Outside of your Zaui Reservation System this might be in a CRM system, in newsletter subscription programs you use to communicate with your customers or via cookies you collect on your website. Keep in mind that your employee’s data also counts!

Consider the reason Why you process it

Is all of the information you collect necessary for the provision of your service or is some of it just nice to know? Consider reducing the amount of information you collect.

Enable a Cookie Policy alert on your website

Some great information about this and how to implement it can be found here.

Ensure that all your sign up forms contain a consent checkbox

You need to ask your contacts permission to process their personal data and clearly describe for what purpose you will use it. By ticking the consent checkbox, people agree to the collection of their data. This is now mandatory in Zaui.

Have a means for users to request to remove the data you have collected on them

In addition, make sure it is easy for your users to opt out of communications as easily as they opted in. Include an unsubscribe link in your communication emails to give them this option at any time.

Review your Privacy Policy

Make any changes to your privacy policy required to meet GDPR standards. If you don’t have a privacy policy, now’s the time to create one. There are many free resources available to help you get started. Try a web search for “privacy policy template GDPR”.

Once you have updated/created your privacy policy, make sure it is available and/or you link to it in all places you process personal data:
– Your website
– Your online booking portals in Zaui
– Any other forms where people may sign up for information or services

Train your team about GDPR

Ensure everyone on your team who handles personal data knows about GDPR and what you are doing to become compliant.

Note for Zaui users: 

When they first make a reservation, your guests give their consent to receive communications from you related to their booking: reservation confirmations, edit or cancellation notices, pre-tour communications and post-tour follow up emails.
You will need to ask for specific consent to guests to sign up for newsletters and loyalty programs.