GDPR // Ticketing System Readiness Series
How are leading systems responding to changes in EU Data Protection? In the latest in this series we take a look at AudienceView
AudienceView provides systems to organisations around the globe, so has a strong history of providing national or continental compliance tools.
As a software supplier, their belief is around facilitation, not enforcement. Their mission (and what we have seen in versions examined) is to provide their clients with the tools they need, leaving them to decide how they use them to operate in a GDPR compliant way.
What we saw
During our session we examined version 6.8 – some customers in the UK will have already moved to version 7, but most are still using the version we saw as part of our session.
Great to see
AudienceView is one of only a few systems we have seen that has a very granular audit system. Not simply which seat was sold by whom, but much deeper. If venues are using consent as their basis for processing data, they should be able to reference when, where and how consent was obtained. It will also be necessary to be able to show the message that was displayed (or read) to the customer at that time. Audienceview audits changes to labels in their system, so venues will be able to definitively prove the message displayed at time of consent.
What we didn’t see ……. but is coming
AudienceView shared their roadmap on issues relating to GDPR – with three key items set for delivery in early 2018. The expansion of the 3rd party permissions solution that they current use will be a key element, at present this is handled through event specific questions, which does allow both an audit and a specific named permission to be sought. Customer obfuscation – as it is called on the roadmap delivers simple tools to facilitate ‘the right to be forgotten’ should that right be deemed appropriate by venues. Perhaps the one I liked the title of most was ‘GDPR success’ which is a collection of tools to make life easier for data controllers, bringing views and reports together for easier data management.
Transition Services and Issues
There are already some of the key elements in AudienceView that venues can use on their journey towards GDPR compliance. With the update due in 2018, venues will need to consider how these are deployed and whether they will need to migrate or update newly available fields from the ones currently used to store consent or third party sharing options. The ability to mass move data has long since existed in Audienceview, it will be the venues that will need to plan that transition and updates to their customer service team policies.
Issue to consider
One of AudienceView’s standout features, in my opinion, is their inbuilt CMS which enables venues to create multiple microsites. These can all deliver differing content or inventory. The rules that control these flows are called roles. Commonly they use a role called ‘internet’ for online. The role is shown as part of the audit trail. If differing methods or wording around data sharing and GDPR compliance are to be used on these different sites, organisations may wish to think about having a clear role for each microsite (Internet-mainsite) / (Internet-panto-site) for instance.
Stand out feature
Again, my stand out feature is one rarely seen in other systems. This is a simple ‘stop all communication’ option that is available in a customer’s record. ( I called ithe ‘nuke’ feature) – but we must understand that, if using consent as a basis for marketing, we must make it as easy for a customer to withdraw their consent as it was to grant it.
Audienceview are already well on the way to deliver some great tools to allow venues to achieve GDPR compliance. There may be updates to come in 2018, but we were encouraged to see they have, for a very long time, had a solid and reliable audit engine around permissions and customer data as a whole.
This article gives information in relation to what we consider to be best practice. However, compliance is context and fact sensitive and as such following any guidance does not guarantee regulatory or statutory compliance.
The Information Commissioners Office will judge any complaint on its own merits, and organisations in need of context or situation specific legal advice should seek it from an appropriately qualified source.
This work has been made possible by support from Arts Council England