• Resolved hardylane

    (@hardylane)


    Can I ask what steps are being taken to ensure this plugin is going to be GDPR compliant by May 25th 2018?

    ie. the personal information held in the sales database.

    We have to be careful, going ahead.


Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author Malcolm

    (@malcolm-oph)

    In the UK much of what is in the GDPR is already covered by the Data Protection Act, and as far as I can tell nothing in StageShow makes it non-compliant with GDPR.

    Version 7.0 (out soon) will include a mechanism (using a new shortcode) for customers to be emailed a copy of their data that is stored by StageShow (i.e. all their sales records) and this will be extended to include a CSV download of the same data and this will satisfy the “Right of Access”. This could equally well be provided by exporting the database as a CSV and selecting the appropriate entries manually, so the lack of this facility does not make StageShow non-compliant.

    I’m also looking at the “Right to Erasure”. Assuming that the lawful basis will be “Contract” then, again as far as I can tell, that right cannot be exercised until the time that financial records have to be held has expired (7 years in the UK?).

    There does not appear to be a requirement for all personal data to be encrypted, GDPR just says “Where appropriate, you should look to use measures such as pseudonymisation and encryption.”. What that really means is anybody’s guess, but I’m taking it that I don’t need to change this at this stage.

    The definitive guide to GDPR can be found here

    • This reply was modified 6 years, 11 months ago by Malcolm.
    Thread Starter hardylane

    (@hardylane)

    Thanks for that. I think something we need though, is a confirmation tickbox in the box office ( [sshow-boxoffice] ) to allow permission for the storage of their email address, as part of the ordering system.

    Cheers

    Plugin Author Malcolm

    (@malcolm-oph)

    If you can find anything in the GDPR that requires it then I’ll happily add it, but I haven’t seen anything that I think would make that a requirement. You do however need their consent if you will use their email for marketing purposes (a different issue).

    My take is that you need their email to be able to fulfill your contract with them, so you don’t need their consent. You do however have to publish a Privacy Statement that says what you do store, and for how long.

    Thread Starter hardylane

    (@hardylane)

    OK thanks for info….

    I think our issue may also boil down to the fact that we do send out future show details to previous customers via email, and we have to find a way to make that opt-out-able at point of sale, and also automatically if need be after the fact.

    I doubt I’m the only person that does, and as such, is it something you’d consider putting into the plugin at some point?

    I could do some PHP code myself if need be, but it would be a pain.

    Cheers

    I enthusiastically second an opt-in box for marketing emails. It’s a big opportunity missed at the moment, not being able to add people to our mailing database when they purchase tickets, and they’re much more likely to sign up at the same time as buying, rather than in response to a later, separate request by email. Please do consider adding this.

    If it helps anyone, I just added the sign up for our newsletter to the success and cancelled pages the customer sees after buying their tickets (or not buying them).

    Graham

  • The topic ‘GDPR laws and Stageshow’ is closed to new replies.