VENUES, TICKETING companies, booking agencies and festival organisers are among those preparing for new European Union regulations governing how personal data is obtained and kept.
Under General Data Protection Regulations (GDPR), organisations are required to ensure customers give active consent to store their data, tighten conditions around data sharing with third parties and place stricter security constraints on data storage, including data breach reporting.
Those who do not comply with GDPR requirements, which come into effect on 25 May, face prosecution and fines, although data can still be shared for security reasons.
“It affects everyone that holds personal data – what they are doing with it, how long it is retained and whether it is being sold on,” says cyber security consultant Adam King.
“Two of the biggest worries companies in live entertainment have is telling people who they are sharing data with and getting their privacy statements correct. There is a lot that needs to be refined and brought up to scratch.”
Paul Reed, chief executive of the Association of Independent Festivals, which represents the organisers of 65 events, says its members are well drilled on the issues.
“There has certainly been concern, but we’ve run events and provided members with templates and advice around data protection,” he says.
“It’s important there isn’t scaremongering, as it’s evolution rather than revolution and is about more transparency and more accountability. In general there is good awareness of the issue and coming into line.”