-
Event management systems.....what do you use?
I'm sure most of you are aware (or should be) about the new GDPR regulations coming into force at the end of May.
I, like a lot of people, use DJEP to manage everything. However, there's a problem. They fall short on the eighth principle of Data Protection under the new regs because they're hosting in the USA and at the moment, don't appear to have achieved Privacy Shield status. Therefore....we can't use them once GDPR comes into force (or that's my understanding anyway).
Are there any of these systems which are similar to DJEP which are hosted in the EEU that you're using/have knowledge of?
I'm aware there's a WordPress one which I can host myself which I'm seriously looking into....but it seems to fall short on things like planning documents (i.e. timelines).
Open to suggestions......
-
Considering how many users they have in the UK I'd be surprised for DJEP not to comply with GDPR.
They moved quite quickly with SSL once a few users started banging the drum...
-
This is interesting.
1. Locate
GDPR requires that you find the personal data you store. Metalogix can help you find your sensitive data and classify it accordingly. Sensitive Content Manager will scan and detect personal data across your SharePoint environments in minutes, based on search criteria that you define.
2. Manage
GDPR requires you to track the personal data stored by your organization. Leverage ControlPoint to set and automatically enforce defined governance policies that provide guardrails for normal and compliant business behavior.
3. Protect
GDPR requires that you protect personal data from damage, loss, or breach. ControlPoint monitors user behavior to detect and automatically react to unusual activity - like excessive file downloads or unauthorized access requests - helping to protect against potential breaches and support compliance with the GDPR requirement to report breaches within 72 hours.
4. Audit
GDPR places greater liability on organizations to prove responsible and transparent management of personal data. Gain visibility into who has accessed or altered personal information and sensitive content over any period of time with ControlPoint. Track and demonstrate compliance through highly granular reporting capabilities to support internal and external audit requests.
I prefer to do things manually, but my friend is quite savvy with this sort of thing and involved quite closely with Digital DJ tips: https://www.djjoesimpson.co.uk
Last edited by yourdj; 29-03-2018 at 07:33 AM.
-
Originally Posted by Imagine
I'm sure most of you are aware (or should be) about the new GDPR regulations coming into force at the end of May.
I, like a lot of people, use DJEP to manage everything. However, there's a problem. They fall short on the eighth principle of Data Protection under the new regs because they're hosting in the USA and at the moment, don't appear to have achieved Privacy Shield status. Therefore....we can't use them once GDPR comes into force (or that's my understanding anyway).
Here's the get out clause:
Organisations must receive explicit consent from their customers for their personal information to be transferred outside of the EEA. GDPR can still hold a company liable even after data has been transferred to another country. These changes mean that companies must consider the impact GDPR could have on their international data transfers.
This could be easily covered off via a change to the privacy policy and/or terms and conditions used. This also isn't new, this principle was introduced with the Data Protection Act 1998.
Personally, I think it's worth focusing more on how securely you're keeping data, how good the audit trail is for access/modification and what you're doing with details of old customers and customers who didn't book (if the lead didn't amount to anything you don't have any right to hold their details AT ALL unless they explicitly consented to their information being stored at the point where they submitted the information).
I'm working with a bunch of organisations at the moment who are slowly waking up to the fact that their systems don't record the consents in enough detail and their existing marketing databases can no longer be used!
-
This whole thing is still a minefield.
Let's take NeedADisco for example, which provides you with an option to export lead details direct in to DJEP.
At what point can you get explicit consent to transfer that data out of the EEA?
One thing I have noticed with GDPR is there are lots of 'get out of jail' clauses that despite lots of scary sounding bits, also enable you to do quite a bit!
-
Dinosaur
-
Originally Posted by Excalibur
You'll need some of this then when a client asks you to remove their details...!
-
Anyone else think this whole GDPR thing has not been thought out properly?
So many flaws and get out of jail cards surround it. I have spoken to a few people who have to deliver this to staff at large venues and they are saying even they don't really understand it fully when they get presented with different scenarios.
Personally I don't think the government (or whoever is responsible) has rolled it out very efficiently either.
-
Originally Posted by ppentertainments
Anyone else think this whole GDPR thing has not been thought out properly?
In all honesty, I don't think we need to do much.
Let's look at the very basics of GDPR:
Respect people's personal data, and take reasonable steps to protect it.
Don't spam people
Work on the above basis and you won't go far wrong.
I can't see those PPI calls stopping any time soon, and I can see far worse breaches of GDPR than a mobile DJ.
One thing I've seen that we need to be careful with is 'passing on details'. If someone contacts you and you're not available, you must have permission to pass on the details of that gig.
Other than that, I really can't see what else needs to be done at our level of business.
I'm sure this is a big headache for larger organisations who do deal and store a *lot* of information.
For us, just be sensible with people's data is the crux of it.
There will be plenty who won't be, and they will be further up the list of priorities for what I'm sure will be an inadequately small team to deal with data breaches!
-
Originally Posted by rth_discos
Let's look at the very basics of GDPR:
Respect people's personal data, and take reasonable steps to protect it.
Don't spam people
Work on the above basis and you won't go far wrong.
I think you will only run into problems if someone reports you or data is quite clearly being sold off to marketing companies and such like without permission. I guess you could add the details of the management system in a business privacy policy?
Given the size and nature of our business it won't happen often I guess? All my systems are private, managed manually and all info stored on paper or Google Calendar so I am OK. If I really wanted to I could sell my information to a group of suppliers further down the line, but I guess I would be in hot water sooner than later.