What does GDPR involve?

Since 25 May 2018, a privacy law applies throughout Europe: the General Data Protection Regulation (GDPR). This law sets out how organizations must handle personal data. See Tickets complies with this legislation and is happy to help you do the same as an organizer.

Do you still have questions after reading this article? Feel free to contact us via the button at the bottom of this page.

What is personal data?

As soon as you work with information about people, you are quickly dealing with personal data. Think of names, email addresses, addresses and postal codes of ticket buyers, IP addresses for online orders, or phone numbers of crew members. The GDPR applies to everything you do with that data: from collecting to storing, from emailing to deleting.

What does this mean for you as an organizer?

As soon as someone orders a ticket, signs up for your newsletter, or contacts you, you process personal data. The GDPR then sets a number of basic rules that you must follow:

1. Be clear about your purpose > Explain in advance why you are collecting data. You may, for example, email a visitor about practical information for your festival, but not just about other matters.
2. Only collect what you need > Only request the data that is truly necessary, such as name and email address for a ticket. Leave out any unnecessary information.
3. Ensure the data is accurate > Keep information up to date and give visitors the option to update their details.
4. Do not retain data longer than necessary > Delete or anonymize data as soon as you no longer need it for the original purpose. For example, five years after an order has been placed (based on the five-year limitation period for civil claims that applies in the Netherlands), unless you have a legal reason to keep it longer.
5. Protect data properly > Take appropriate technical and organizational measures, such as secure storage and limited access.
6. Respect visitors’ rights > Ticket buyers have the right to access, correct, or delete their data. You must respond to this promptly (in most cases within one month) and correctly.
7. Do not transfer personal data to organizations outside the European Economic Area (EEA) without proper safeguards > The GDPR sets strict requirements for the transfer of personal data to countries outside the EEA, because not every country offers the same level of protection. Make sure you only transfer personal data to organizations outside the EEA if there are appropriate safeguards in place, such as an adequacy decision by the European Commission or standard contractual clauses. Without these safeguards, transfers are in principle not allowed. 

This is a brief overview and no rights can be derived from this article. For your specific situation, we recommend seeking legal advice.

• Related Articles

• Frequently asked questions about data

  Can I use email addresses I collected in the past and will collect in the future for marketing purposes? You may only use the email addresses of your ticket buyers if you have a valid legal basis under the GDPR. This means that in most cases you need ...

• Booking Protect

  See Tickets provides you as an organizer with the tools to create a positive fan experience, fully in line with our white-label philosophy. Part of this are additional services, including a cancellation insurance (Refund protection) for your fans. ...

• XCover

  See Tickets provides you as an organizer with the tools to create a positive fan experience, fully in line with our white-label philosophy. Part of this are additional services, including a cancellation insurance (Refund Guarantee) for your fans. ...

• Ledger lines

  What are Ledger Lines? Ledger Lines is an Excel overview of all revenue and costs that apply per order for your event(s). It is essentially the data file of the invoices, which allows you to look up and recalculate data in detail and so on. The ...

• Want to know everything about payouts? You’ll find the answer here!

  Difference between time of ordering and payout Between the moment an order is placed by a consumer and the moment the money is received by Paylogic and therefore ready for payout, there is an average delay of 11 days. This depends, among other ...