07 Feb 2019 | Data, GDPR
It’s been nearly a year since May 25th 2018, and while I am sure we’re all feeling very confident with our organisation’s GDPR compliance, it only takes a short time to create bad habits. So, in the spirit of a good Spring clean and banishing bad habits, this week we’ll look at simple ways to get on top of your GDPR compliance tasks - at least for the next few months.
This time last year, our team was working tirelessly on organising workshops for our customers to ensure arts venues and organisations were ready to tackle GDPR before the 25th. In the months leading up to GDPR we were working with the Ticketsolve community and encouraging them to look at GDPR differently - look at it as an opportunity. GDPR is (and was) a great way to build a stronger bond and create more meaningful communication with audience members. Patrons who engage with you post-GDPR actually want to hear from you. They what to know what their venue is doing, when they can purchase tickets, and when they need to repurchase their memberships.
Besides a more engaged customer base, there is, of course, the beauty in having a squeaky clean customer database. Remember we spoke about how wonderful it is to get your database clean and therefore super effective and efficient? I am going to guess that after the initial frenzy of getting your database organised, much has stayed the same from May 29th 2018 until today. If you are starting to panic now . . .don't! We’re in this together; you are most certainly not alone (queue choir chorus)!
Since the start of the year, we’ve been conducting customer visits all over the UK and Ireland. What we’ve found is that since the GDPR dust has settled, there are some areas everyone needs to keep an eye on still.
We’ve pulled together some areas of caution to be aware of surrounding GDPR and keeping all personal data secure. We’ve highlighted a few bad habits to look out for below. The great news is that they are all easily resolved.
Top 5 Habits to be Cautious of (Each Day)
1. Printing tickets and leaving them out on a table for collection.
The customer’s personal information which is on your tickets needs to be kept secure. Pre-printed tickets should be kept securely out of sight until needed.
2. If you post tickets, think about how addressed envelopes are handled.
Now we’re not saying that this information needs to be taken to the post office, blindfolded and under lock and key. But we want to highlight that personal information at the box office can quite literally be everywhere and we need to be vigilant of that. So be sure addressed envelopes aren’t floating about the office for two weeks after each customer order. Again, an idea is to keep addressed envelopes ready for posting in a secure place out of sight until you have enough orders ready for a trip to the post office.
3. Taking details over the phone and writing information on a post-it.
This is very common with casual box office staff and volunteers who might not be so confident processing over the phone or walk-up sales. Your best bet here is to not leave post-it pads beside the phones at all. Rather, have casual staff and volunteers use the notes section in Ticketolve, or better yet show them how easy it is to use Ticketsolve for collecting information. It is tempting to write everything down on paper, but not only is it bad for our planet it is a huge data risk. Phone numbers and names are personal information and we don’t want that bright orange post-it to end up in the wrong hands. Give your team a little push of confidence for using the system, after all really is user friendly!
4. An audience member leaving a card in the chip and pin.
Happens to even the best of us but it’s important that the card is kept in a safe until the owner comes back with photo id. If you have the customer’s number in your database, give them a quick call so they can come collect their card quickly.
5. Printing off instalment invoices.
Are you printing off invoices for your audience members? Or, are school secretaries printing off invoices and posting you a cheque? Either way, simple documents such as this can contain lots of high-level personal information and sensitive material. If you can go paperless - do. And encourage your customers to do the same. If you absolutely must have paper copies of things, file them securely and shred them when the time comes. Shredders really are therapeutic for the soul; we all love the satisfaction of perfectly shredded pieces of paper :)
If you are still questioning some of the basic concepts like legitimate interest and PECKR, then pull out a copy of the Ticketsolve Guide to GDPR. If you can’t find your copy of our guide specially created for arts organisations, festivals, and theatres then get in touch; we can always email you out another copy!