top of page

"GDPR" Virus has infected the Zombie Experience!

Hunting zombies in any Zombie Experience sounds like it's all fun and games but like any business, Zombie Infection has to comply with a raft of regulations to protect customers. One example that has changed the way many businesses operate is the introduction of GDPR, the General Data Protection Regulation.

What is GDPR?

Put simply, GDPR is there to protect you and your data. Many things are classed as personal data, such as the obvious like your name, address and telephone, as well as more abstract information like your computer's IP address and cookies stored on your computer.

To be compliant with GDPR, a company must have a robust data protection policy. Zombie Infection has several policies which are relevant to the use-case. The main policy you will encounter is our privacy notice on our website, which governs the use of your data online. As a responsible employer, we also need to keep our employees' data safe, which requires a separate policy. It is also required to pay a fee to the Information Commissioner's Office, which adds the fee-payer to the public register, making it easy to check who has actually registered.

Many companies are still yet to comply with GDPR, particularly smaller businesses which tend to operate they did before GDPR became law. Not only are they putting customer data at risk, they risk a large fine from the Information Commissioner's Office for failing to comply. It has been confirmed that these regulations will still apply when the UK leaves the EU at the end of January.

A cursory glance at the public data protection register suggests that compliance with GDPR is still something that needs to be improved on within the scare industry. Ordinarily, a competitor's legal compliance shouldn't worry a company however we feel it is important to lead by example. If the majority of an industry is breaking the rules, it can affect those who do comply with legislation by way of souring the public opinion on that industry. You don't want to end up in a real 18th Century Courthouse!

Zombie Infection Experience & GDPR

Your GDPR journey with Zombie Infection (granted, a much less exciting journey than our Zombie Experiences!) starts when you first visit our website. You have options as to which cookies are stored on your computer. Cookies are a small text file which contain identifying information and settings that a website can use. This process is entirely automated and can be managed through your browser.

If you then contact us, any data you submit via our online form or by email is covered under GDPR. That means, we need to keep your data safe whilst it is in our possession. Our staff are fully trained on how to access and store your data safely, and what to do in the unlikely event of a data breach.

The other major source of data capture is when you book an experience with us. You need to provide certain information in order to make the purchase, which is fully protected under GDPR. We do not have access to your payment card details, this is handled by Stripe, an industry leader in online commerce.

In conclusion

This blog post is not meant to be an exhaustive list of what is required to comply, nor is it a scathing indictment of our industry. The purpose of this post is to highlight the importance of GDPR and our commitment to keeping your data safe. Hopefully, more SMEs will follow suit and while data breaches can never be avoided completely, compliance can help mitigate the risk through the use of appropriate policies and training.


To take part on one of our new 2020 events head over to our website and follow us across social!

Instagram: @official_zombieinfection

Why not join our community for all things zombie on our live Twitch channel:


Recent Posts

See All


bottom of page