GDPR (General Data Protection Regulation)
The General Data Protection Regulation (GDPR) is an EU regulation that expands the protection of personal data of EU citizens. In doing so, it also expands the obligations of organizations who collect or process that data. The goals of the GDPR are to increase transparency and fairness in the handling of individuals’ personal information. Personal data is any information relating to an identifiable individual. The Regulation can be viewed here.
Enforcement of GDPR started on May 25 2018. All organisations need to be aware of their responsibilities and ensure that they are compliant with GDPR.
The following information is provided to help you understand general concepts about GDPR. It is not legal advice, and you should speak to legal counsel regarding GDPR and how it affects your organisation.
How is Future Ticketing compliant with GDPR?
Future Ticketing was built with GDPR in mind. GDPR legislation was being discussed as Future Ticketing was founded, which meant that our system followed best practice as details were released.
We have compiled a list of sub-processors and services we use. We may share some Personal Information we receive with vendors and service providers only as necessary to provide the Services to us.
Future Ticketing prides itself on taking the steps to to meet the data transparency goals of GDPR. This continues our practice of protecting your data and providing for the legal and secure handling of your organisation’s critical business information.
The information on this page is provided to help you understand Future Ticketing’s role as processor of your data, the rights of your users, and the responsibilities you hold as a controller of their data. It is intended as guidelines and is not comprehensive or should be taken as legal advice.
Does GDPR apply to me?
GDPR applies to any organisation set-up within the EU that processes personal data of EU citizens.
Organisations are classified as processors or controllers of personal data.
Organisations that determine the purpose of the storage or processing of personal information are considered controllers.
Organisations that store or process personal data on behalf of another organisation are considered processors.
Some organisations may be both.
What about the personal information entered into the Future Ticketing system. Does that make my organisation a controller or a processor?
Because you control and manage the data you enter into the ticketing system, you are the controller for that data. You decide how that data is used, how long to keep it, how often to update it, etc.
What is Future Ticketing’s role ?
Future Ticketing is both a Controller and Processor.
Future Ticketing is the Processor of the personal data you manage in our systems. We store the data for you and process it per your actions in our applications.
Future Ticketing is also the Controller for our clients, company and subprocessors details.
In terms of GDPR and the Future Ticketing dashboard, each individual client database is hosted in a virtual private cloud unique instance, which is owned exclusively by client.
The Future Ticketing system allows easy compliance with GDPR via automated and individual anonymisation, tokenised payments, and customer details which are viewable and/or non viewable by user levels.
Every organisation is different due to how they manage data. For example, some organisations will be both controllers and processors.
In general, you must have processes in place to follow through on requests from your users regarding their personal data.