Imagine Entertainment, GDPR and your rights as an individual

It’s not the most interesting of subjects and believe me….it’s caused more than a few headaches here at Imagine HQ.

But the law is the law, and I’ve always complied (because I wouldn’t have it any other way).

GDPR (or General Data Protection Regulation) is coming into force in the UK on 28th May 2018, and I’m happy to say I’m ready, and indeed fully compliant with the replacement for the antiquated Data Protection Act.

Why is the law changing?

The Data Protection Act, as it stood, wasn’t geared up for the modern digital world. The amount of data that’s held about you and me on computer systems worldwide is shocking….and how it’s used even more so (need I mention the current Facebook/Cambridge Analytica debacle?).

An example you may be more familiar with….Tesco Clubcard. They record everything you’ve purchased and analyse that information to profile what you’re likely to purchase in the future.

I don’t do that!

Although this is a European Union directive and the UK will shortly be leaving the EU, the UK has opted to enact the regulations in full, with some enhancements.

In short, it means that to hold personally identifiable data, a company needs your permission in certain circumstances. This is even more important when the information is to be used for marketing purposes.

The regulation applies to personal data no matter how it’s recorded, whether that’s electronically or on paper.

Permission must now be explicitly given by you to hold the information as well. The days of “silent consent” or pre-ticked boxes are over. You must now “Opt In” to have your data stored for certain purposes.

So I hear you ask….how does it affect me?

In the way I run Imagine, it doesn’t. I’ve always been open and honest with customers and that’s something I’m proud of. Want a copy of the data I hold about you? No problem (and no charge either).

OK, from now on I’ll have to mention on the telephone and email that under GDPR I’m going to store certain information and gain your explicit consent to store it. Without that information though, we can’t do business because by law I’m legally obliged to hold certain information (see below about what information I hold).

I’ve NEVER used customer information for marketing purposes, and wouldn’t dream of making it available to 3rd parties….that’s not in my business ethic. Several customers have found this out in the past when I’ve refused to release email addresses of previous customers for references.

GDPR underpins this attitude though (some companies would have happily charged an admin fee or even refused access to your details in the past….they can’t do that after 28th May!)

What information do you hold on me?

Surprisingly little, because I don’t need to.

I need to be able to contact you via email or telephone about your event, and if necessary be able to write to you should the aforementioned fail (it’s very rare for me to post a letter to a customer by the way unless they’ve specifically asked for it).

Under GDPR, there are SIX lawful reasons for collecting customer data. The method I use is Contract.

I have to collect a certain amount of personal information from you as a customer when you book to create the contract which binds us both to the service I’m going to provide. Those details are:

  • Your name
  • Your address
  • If you’re booking on behalf of a company, the company address
  • Your email address
  • Your contact telephone number

And believe it or not…that’s all as far as personally identifiable information is concerned.

I also hold photographs of every event which I use for my own marketing and promotional purposes which may contain the faces of either you or your guests. Faces are considered to be personally identifiable information under the new regulations and I’ve always asked for consent to take photographic/videographic images during an event.

If you want these deleted after the event (no matter how long after your event), please let me know and I’ll make sure it happens.

I also collect and process information such as the timeline for your event, music requests and any specific requests relating to how you need me to perform during your event. None of this information is personally identifiable and as such, isn’t covered under GDPR.

This data is stored on a secure and GDPR approved server in the UK (that part has taken a LOT of work…my former booking system was based in the USA which at the time of writing is NOT approved under the new regulations under Principle 8 of Data Protection), and you’re welcome to ask me for a copy of it at any time.

Details such as payment information, other than the date and the amount, are not stored by me. Details of any payments to me are stored by either PayPal if paying by credit or debit card (who are already GDPR compliant), or by my bank (also GDPR compliant).

Who has access to my information?

Me, and my dear lady wife (Elizabeth Braybrook), who only has access in the event of an emergency (for instance, me being hospitalised). Imagine Entertainment is run as a family business and nobody external to myself or my wife can access the storage systems used.

Who is your Data Protection Officer?

Under the new regulations, a company (or even Sole Trader like myself) must name a Data Protection Officer for the purposes of the Act.

For the purposes of GDPR, this is me. My contact details are:

Name: Wayne Braybrook
Email: enquiries@imagineentertainment.co.uk
Telephone: 01353 771303
Postal address: Imagine Entertainment, 29 Elm Close, Ely, Cambridgeshire, CB6 2JH

ICO reference no.: ZA321775

Can I have my data deleted?

That depends on whether you’ve hired me or not.

All enquiries are stored electronically; it helps me to manage my diary. Once the date of an event has passed where the enquirer hasn’t booked me, or an enquirer specifically lets me know that they have no need for my services, then all details are permanently removed.

If however you’ve used my services, I must by law retain those details for 7 years under HMRC rules.

Need to know more?

GDPR is long and complicated. It’s also very important.

The regulations are difficult to get your head around (trust me…I’ve done it), but they protect you and your personal information which in today’s digital world, is important!

For more information regarding GDPR, please visit the Information Commissioner’s website.

 

 
