In our GDPR series, we explore the impact that these new regulations will have on tour and activity operators. Easily navigate to the following pages:Best Practices for Tours and Activities GDPR 2018 Series:Part 1: GDPR and the Travel IndustryPart 2: Data Collection and PrivacyPart 3: Marketing ConsentPart 4: Marketing ListsPart 5: Policies and ProcessesPart 6: Data RetentionPart 7: Workforce DataPart 8: Privacy by Website DesignIn May 2018, the General Data Protection Regulations went into effect for all members of the European Union, and the regulations are applied to any organization who processes personal data. Naturally, these new laws will have a significant impact on the travel industry and on the way that tour and activity operators across the globe do business.Understanding the General Data Protection Regulations (GDPR)The GDPR is a set of data protection laws that went into effect on May 25, 2018, requiring all members of the European Union and all companies that do transactions with European Union residents to adhere to the new guidelines and regulations. The purpose of these laws is to protect consumers and to prevent data from being compromised during the process of an online transaction. For tour and activity operators, as well as any other business owner in the travel industry, these laws can have a big impact on the way that they do business. Tour and activity operators have long relied on data collection in order to improve their marketing strategy, increase their bookings and enhance their tour offerings. It should be noted that as these new laws went into effect, a large enforcement agency also was created in order to monitor compliance. Those who do not comply with the GDPR laws will face crippling fines.Read more: Marketing 101: How to Retain Customers for Tour OperatorsTypes of Personal DataPersonal data may be defined as:Name or identificationContact information such as a phone number or e-mail addressLocationFinancial informationPhotographs or videosSocial identification or cultural backgroundBiometric dataHealth recordsEmployment recordsData related to a child or a dependentSpecific Issues that Tour and Activity Operators Should AddressData Collection and Privacy — Your company will have to provide notice about data being collected and how that data is being handled. Privacy notices must adhere to new guidelines.Marketing Consent — Digital marketing has become commonplace, but the GDPR requires companies to ask for consent now prior to delivering digital marketing content.Marketing Lists — Any third party that you utilize to acquire marketing lists also must be in compliance with GDPR, or you could face penalties under the new regulations.Policies and Processes — You will need to have a data collection policy in place that complies with the new laws, and that policy must be accessible. All of your customers must have the opportunity to opt out of any data collection program.Data Retention — All tour and activity operators need to review their data retention methods and evaluate the data that they currently have stored. Any individual who has not provided consent for data retention must have all of their data destroyed once they have completed their experience with your company.Workforce Data — The GDPR also provides guidelines for how you collect and store your employees’ data. There are new regulations in place for the types of data that you can collect from your staff and how long you can retain that data.Privacy by Website Design — You need to evaluate your website design and confirm that all processes for data collection are in compliance with the new regulations. Your website should feature a privacy-friendly design.To provide tour and activity operators with reliable information about the new GDPR laws and how they apply specifically to the tour and activity industry, Rezdy has developed a series of articles about this topic. Follow the Rezdy blog for more information.