GDPR Feature Updates
April 23, 2018
When the General Data Protection Regulation (GDPR) came into effect on the 25th May 2018, we introduced some new features into our system to ensure that all of our Clients stay compliant and protected, and their Customers can take full advantage of the control and protection the GDPR offers them.
Our Clients and their Customers?
There are many great resources out there to understand GDPR better, one is at https://gdpr-info.eu/ which neatly breaks it down into 11 Chapters or 99 Articles. For those who have better things to do, here are the best bits:
- The customer has to opt-in to marketing, not opt-out. Also, this needs to be separate from any T&Cs, so no sneaky business hiding the check-boxes among other ones!
- Customers under the age of 13 must have parental consent for their data to be handled
- Customers have the right to request all the data held on them & to be forgotten entirely
- Our Clients would have to respond to these requests within 1 month
At BookingLive we are staying ahead of the curve and implementing the gold standard from day one.
What is BookingLive going to do?
We are going to make sure that we meet all of the requirements of GDPR with minimum to no manual work required, specifically:
- Marketing options will be un-ticked by default and there’s a new section for them on the Billing Form
- Consent for under 13s is automated if you capture their date of birth. For products & price points aimed at children consent can be required without gathering the date of birth, this is controlled by our Clients.
- We give every customer the ability to click a link and have all their data automatically sent out to them or forgotten.
OK, but exactly how are BookingLive achieving this?
Here are some current working screenshots with explanations.
Some of our Clients market through Email, SMS or both. On the billing page we have added a contact preference section, offering the relevant options for Email and SMS as per each Client’s requirements:
2. Child Consent
To handle the consent to process information of those under the age of 13, a checkbox has been added to each participant section under specific circumstances
- The price point is intended for children e.g. a child rather than an adult ticket
- If you capture their date of birth and they are under 13
Child price point
Other price point
Before Date of Birth entered
After Date of Birth entry. Participant 1, under 13. Participant 2, over 13:
Right to access my Data
In the Customer’s MyAccount, under the “My Profile” section, there is an option to “Download a copy of my Data”. This will automatically download the Customers data without any manual steps from our Clients.
Right to be forgotten
We also have links (as above) to clear Customer’s order history, related participants and to be forgotten. All of these require the user to re-enter their password to confirm:
The Forget Me option will only be available if the user’s information is no longer required (ie they have no future bookings), otherwise, they will receive the message below.
Otherwise this will follow the same process as the above options and require the user to enter their password to confirm the action.
Price point setup
For each section of the booking form, depending on the price point selected, our customers can set whether or not parental consent is required. By default it is set to DOB, parental consent is only required if they expressly state that they are under 13 by entering their date of birth (so never if their DOB is not captured). Otherwise, it can be set to on, so with or without date of birth the parental consent tick box always appears.
If you have any further questions about GDPR and BookingLive, feel free to contact us. To view our knowledge base article on the data flow of information within the BookingLive Enterprise product, click here.