You, Future Ticketing, and the
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is an EU regulation that expands the protection of personal data of EU citizens. In doing so, it also expands the obligations of organizations who collect or process that data. The goals of the GDPR are to increase transparency and fairness in the handling of individuals’ personal information. Personal data is any information relating to an identifiable individual.
Enforcement of the GDPR starts on May 25, 2018. The Regulation can be viewed here. All organizations need to be aware of their responsibilities and ensure that they are compliant with GDPR by May 25, 2018. Non-compliance can result in hefty fines.
The following information is provided to help you understand general concepts about the GDPR. It is not legal advice, and you should speak to legal counsel regarding the GDPR and how it affects your organization.
Does the GDPR apply to me?
The GDPR applies to any organization that is organized in the EU and any organization that processes personal data of EU citizens.
Organizations are classified as processors or controllers of personal data. Organizations that determine the purpose of the storage or processing of personal information are considered controllers. Organizations that store or process personal data on behalf of another organization are considered processors. Some organizations may be both.
When it comes to the personal information entered into the Future Ticketing system, is my organization a controller or a processor?
Because you control and manage the data you enter into the ticketing system, you are the controller for that data. You decide how that data is used, how long to keep it, how often to update it, etc.
What is Future Ticketing’s role?
Future Ticketing is both a Controller and Processor. Future Ticketing is the Processor of the personal data you manage in our systems. We store the data for you and process it per your actions in our applications. Future Ticketing is also the Controller for our clients, company and subprocessors details. List of our subprocessors is available here.
How does my organization ensure our compliance?
Every organization may be different due to their role in managing user data. For example, some organizations will be both controllers and processors. In general, you must have processes in place to follow through on requests from your users regarding their personal data.
The Future Ticketing Data Processing Addendum is available on request for our customers that are processing personal data with Future Ticketing. We are also sending this addendum out to customers on a phased basis via email. Please sign it and return to us for our records.
And if you created your account after May 25, 2018, please read, sign, and submit the Data Processing Contract so that your records are up to date.
Will Future Ticketing be compliant with the GDPR by May 25, 2018?
Existing customers should review, sign, and return the Data Processing Addendum Contract we’ve provided. This will ensure you have the latest contract that includes our requirements under the GDPR. Once you accept the new data processing terms, they’ll supplement our current contract or Terms of Service and will take effect on May 25, 2018.
We’ve compiled a list of subprocessors and services we use. We may share some Personal Information we receive with vendors and service providers only as necessary to provide the Services to us.
These are just some of the many steps Future Ticketing has taken to meet the data transparency goals of the GDPR. This continues our practice of protecting your data and providing for the legal and secure handling of your organization’s critical business information.
The information above is provided to help you understand Future Ticketing’s role as processor of your data, the rights of your users, and the responsibilities you hold as a controller of their data. It is not comprehensive and is not legal advice.