The General Data Protection Regulation (GDPR) comes into effect on 25th May 2018. We’re pleased to confirm that DigiTickets will be GDPR compliant prior to the deadline, and we’ve set out some additional information below highlighting the changes that will shortly be taking effect within the DigiTickets software.
As your chosen Data Processor, we’ve always recognised the importance of the end-user personal data that you collect and to that end, we have always maintained strong data processing procedures and principles, combined with ensuring our solutions have exceptional security and infrastructure.
As part of the GDPR process, we have been busy reviewing, scoping and enhancing the DigiTickets software where required. We are in the closing stages of the final enhancements to provide you with the requisite functionality to allow you to comply with GDPR, and the below points summarise the key functionality applicable to GDPR.
Features & Functionality Relating To GDPR
Security Measures & Data Storage
The security of your end-user data is of paramount importance to us and this is why our cloud-based software, and your end-user personal data, is stored on Amazon Web Services (AWS) – one of the world’s leading hosting infrastructures. We have been carefully watching AWS’ progress with GDPR and on 26 March 2018 they confirmed that all their services were GDPR ready. AWS have confirmed that they have developed functionality that allows for:
See here for further information https://aws.amazon.com/compliance/gdpr-center/
We can confirm that DigiTickets does not store any data outside of the EU. However, in the event that you have requested that we transfer data to third parties who you directly contract with (such as mail providers or payment gateways), you will need to check directly with the third parties in question as to where they store your data.
GDPR Administrative Changes
We have also been ensuring that our internal procedures and processes comply with GDPR and the following documents will be shortly ready for release:
We have been busy training our staff and ensuring that their knowledge in respect of GDPR is up to date. You will see some changes in the way in which data handling / processing requests are dealt with by our team to ensure that the end-user data is kept secure. These will be detailed in our New Data Protection Policy which will be released shortly.
We pride ourselves on being helpful and going that extra mile with our service, but unfortunately, we cannot provide you with any advice about how you need to comply with the requirements under GDPR because we do not have the ability to fully audit your business and to determine how you process your end-user data.
We have been working hard to update the functionality within DigiTickets as required and we believe that we have an adaptable product to meet all GDPR needs of each of our clients. However, you will need to take your own advice in respect of GDPR as DigiTickets cannot accept any liability or responsibility for how you approach or comply with GDPR.
We will of course provide you with all of the necessary guidance and explanation about the functionality DigiTickets offers but suggest that if you are unsure on how to comply with GDPR that you seek your own legal advice.
Richard Booker Managing Director
31st Mar 2018