The General Data Protection Regulation (GDPR) comes into effect on the 25th May 2018, and will affect every organisation in the UK and Ireland. There are no right and wrong ways of complying with GDPR, but rather it’s up to each organisation to choose and document a process for becoming and remaining compliant. Our advice is to take a pragmatic, process-based view based on maintaining your audience and business considerations as a priority.
While this might all sound daunting, don’t panic. Complying with GDPR is a manageable process, as long as you approach it practically and sensibly. There are no one-size-fits-all answers to the questions posed by GDPR (and PECR), but here at Spektrix we want to help as much as we can.
We understand that the sector is experiencing a lot of confusion about how to proceed to make sure they comply with GDPR and PECR. As your partner in ticketing, marketing and fundraising, and having worked with hundreds of arts organisations like yours over the last ten years to make the most out of their customer data, we think it's important to provide you with as much information and guidance as we can to help you prepare - although we can't be be responsible for your organization complying with these regulations.
Just to reiterate that point, please remember that we’re not lawyers or legal experts. We want to help, but you should make sure you take your own legal advice as well, as we can’t provide actual legal guidance.
That is why we've developed this GDPR Toolkit for the Arts. The Spektrix Support team is also on hand to offer help and support when you’re ready to start making changes to the system, based on the approach you choose for complying with GDPR.
What is the Spektrix GDPR Toolkit?
We’ve put together a set of resources and links to other documents that we hope will help you when you’re planning your GDPR compliance, keeping in mind the objective of gaining and maintaining the right to contact as many of your customers as possible.
These resources should help you understand both the requirements and implications of GDPR, and Spektrix’s suggested approach to GDPR compliance.
You’ll find a range of documents in this toolkit - all the below can be accessed from this landing page:
- Boldly Compliant: A Guide to GDPR for Performing Arts Marketers & Fundraisers: A comprehensive white paper detailing Spektrix’s view on GDPR and our suggested approach to compliance.
- How to Implement your GDPR Approach in the Spektrix System: A practical guide to how you can use Spektrix to implement the approach you choose to take to GDPR.
- GDPR Compliance Checklist: recommended steps based on different types of organisation.
- Samples of:
- Data Processes Audit.
- Legitimate Interest Assessment.
We invite you to read through these documents, and use them to help guide and shape your overall strategy for complying with GDPR and PECR. We hope these resources will be useful for a range of purposes, but at least for the first time you look through them we would suggest following this order:
- Read the Boldly Compliant white paper first, for the comprehensive, detailed picture.
- Next read the How to Implement Your GDPR Approach guide for a more hands-on approach to your specific setup.
- Look through the checklists we’ve provided, to identify which one most closely fits your organisation.
- We recommend using a combination of Legitimate Interest and a PECR soft opt-in, for which one of the first two approaches should be most appropriate.
- Use the Sample Data Processes Audit to help plan your own audit.
- If you choose to follow a Legitimate Interest-based approach, look through the other two samples we’ve provided for inspiration on some of the requirements you’ll need to comply with.
- If you choose not to use a Legitimate Interest-based approach, refer back to the Guide to Gaining & Maintaining for information on the implications of using Consent under GDPR.
Please do also get in touch with the Support team if you have any questions about any of these resources.
If you have any further questions about how GDPR and PECR relate to Spektrix, please get in touch with the Spektrix Support team. We can’t make everything work for you, or give you black and white answers, but we care about your success and want to help you as much as we can.