We’ve made a lot of progress since the last blog so, here’s where we are currently up to.
We have optimised our Web and Mobile check out pages to comply with new regulations. We have made this process clearer to opt out. By law we have to now add in the Promoter details on the check out process (you can edit your company name if it’s incorrect, within your Profile).
Below is an example of our new marketing checkout process. After consulting with the ICO and with our promoters best interests at heart we are using the consent basis to ensure you retain the ability to market related events.
Important: If your ticket agent is using Legitimate Interest to provide the basis for your marketing, be aware that the purposes for which you can use this data is very restricted. Also make sure that:-
- You are named on the checkout (by law this must now be a process)
- A Legitimate Interest Impact Assessment form has been completed on each event.
- There is a clear option on a checkout for “soft opt out”
If any of these steps aren’t followed it will render your data useless and you could face a fine if you use it. Don’t be left with a mailing list you can’t use!
We have made our customer data downloads clear to show which customers have opted in/out of receiving marketing from you.
We have now created a GDPR page on Skiddle, this page outlines all the information you need and what changes Skiddle will be making. https://promotioncentre.co.uk/gdpr-faqs.php In this link is a help section for all promoters to assist you in making sure you are handling your data correctly.
In the next few weeks a new data sharing agreement will be available, this agreement will be between every promoter and Skiddle and will outline the new changes needed for direct marketing.
Skiddle are here to help you make sure you are doing the right thing with customers data.
Where are we up to to becoming compliant?
We are taking many steps across our business to ensure we are GDPR compliant:
- Thoroughly research the areas of our business impacted by GDPR – COMPLETE
- Appoint a Data Protection Manager – COMPLETE
- Rewrite our Data Protection Agreement – COMPLETE
- Create a roadmap of all data and assess the new risks – COMPLETE
- Assess all third-party company data policies – COMPLETE
- Perform the necessary changes/improvements to our product based on the requirements – COMPLETE
- Implement the required changes to our internal processes and procedures required to achieve and maintain compliance with GDPR – COMPLETE