Data protection primer

Added: 12th May 2015    Category: Expert Advice

When handling personal information, such as the contact details for your customers, you need to remain compliant with the Data Protection Act. Failure to do so could result in a large fine. As customer data is jointly owned by Skiddle, we may also terminate your data sharing agreement if you are found to be breaching the DPA.

The act has 8 principles. To make things easier, here we'll briefly explain how each may apply to you:

  1. Personal data shall be processed fairly and lawfully 
    Customers are purchasing tickets from you (or registering for an event) and during this process they consent to sharing their contact information, via our Terms and Conditions. Your obligations are to ensure that once you have access to this data, you use it lawfully - the main requirement is to ensure you do not share it with any third parties without consent.

  2. Used for limited, specifically stated purposes
    You must only use this data in connection with the purpose you collected it for (eg to promote and run your events). You should not, therefore, sell the data or use it for another unrelated business.

  3. Used in a way that is adequate, relevant and not excessive 
    We only collect the basic contact information, which is relevant to the order being placed.

  4. Personal data shall be accurate
    Data is input by the customer themselves, which should ensure it is accurate at time of purchase. After you have downloaded customer data, you should have a method to allow customers to update their details in your own system should they wish (eg your mailing list).

  5. Kept for no longer than necessary
    If you stop running events or no longer need the data, you should delete the data you have collected. If a customer asks for their data to be deleted, you should do so.

  6. Handled according to people's data protection rights
    Anyone on your customer data lists has the right to access, amend or delete the data. You should ensure that if a customer requests their data is deleted, you act upon this immediately.

  7. Kept safe and secure
    You should never allow third parties access to customer data. You must keep the data secure, including when it is in transit. Do not send customer data over email unless it is strongly encrypted and protected by password. Never upload customer data to a third party website without using a secure HTTPS connection. Do not leave data on laptops or mobile phones without password protection.

  8. Not transferred outside of the EU without adequate protection
    Be careful about where you store your data (eg in the cloud) as countries outside of the EU may not comply with the required data protection standards. You should check where your mailing list provider is situated.

Please note: we are not legal advisors. Always seek advice from a solicitor or legal professional if you are unsure of your legal obligations.
