It seems like yesterday that we encountered yet another acronym. Now, as we know only too well, the EU’s General Data Protection Regulation (GDPR) will come into effect in all member states, including Ireland, on 25 May 2018.

A quick guide to GDPR compliance

The Data Protection Commissioner has published a guide for organisations, clearly and simply setting out 12 steps to GDPR compliance. Lots of other publications exist but this is the source material.

There are big differences between organisations as to their scale, activity and what data they hold, all of which will determine the necessary processes and safeguards required around that data. So the recommended approach is to apply these 12 steps to your own organisation and from your own data inventory and map, work systematically to put the necessary safeguards and processes in place as quickly as is realistic.

Here’s another update from Philip Lee Solicitors in a follow up to their GDPR Theatre Forum member training session last September.

Sample policies

We’ve had requests for data protection and privacy policy templates. Many organisations have already published GDPR compliant versions of these policies on their websites. The data protection and privacy ones, published by Charities Institute in the public area of its website, could be used as templates for your organisation’s policies but should be adapted to suit your own organisation.

Ticketsolve guide to GDPR and ticketing systems

The Ticketsolve team has been doing lots of work with their venue and festival clients to ensure that they’re GDPR compliant. Review their guide to ensuring that Ticketsolve venue and festival clients are GDPR compliant and to double-check that you’re making all the necessary changes with your own organisation’s ticketing system company as a data controller.

GDPR and compliance discussions can become complex too quickly. Our advice is to make use of all available resources starting with the 12 Step Guide from the Data Commissioner. Once you’ve identified the policies and processes that should be in place, make best use of the resources available to get them in place quickly.

Please contact us with queries. We may not be able to answer your GDPR questions directly but should be able to direct you to useful resources.