GDPR and Zoho
The General Data Protection Regulation (GDPR) is a data privacy regulation that aims to give individuals better protection, control, and awareness of how their information is used, processed, or disposed.
Zoho, as a company and by its philosophy, has always believed in safeguarding customer data and ensuring its privacy, no matter where they're located. Zoho Backstage, by extension, has been carefully designed to help you process the large amount of attendee data collected by you during an event in compliance to the GDPR. If you're a business running your events in the EU, the GDPR is applicable while you handle attendee data.
We've got you covered!
Of all the others, the event industry is especially known to accumulate data from various sources and tools. In fact, one of the reasons the GDPR is in force is because of the rate at which data is being used—rather, misused—by organizations today. Well, it's not surprising to us, and that's why we've carefully made every feature in your event management software GDPR-compliant so:
- Your data is kept safe
- We can help you keep your attendees' data safe and be GDPR-compliant
How does Zoho Backstage comply with the GDPR?
Fairness and transparency in data collection
Zoho Backstage collects only the minimum required data from the user during the signup process and ensures transparency and consent in the usage of that information. If any data is received from an external source, such as from an integrated platform, Zoho Backstage keeps track of it.
Data encryption and password protection
All personal data stored in Zoho Backstage is encrypted at rest with 256-bit Advanced Encryption Standard (AES). This way your data safety is taken care of. Similarly, when any data related to the event containing the organizer, speakers, sponsors, tickets, or attendee details is downloaded, it is prompted for a password in order to avoid any unauthorized offline access.
Accessing and rectifying personal data
If at any point an organizer wants to rectify their personal data stored in Zoho Backstage that is inaccurate or incomplete, they can access it at any time from the system and modify it. To be cautious of unsolicited access to the event portal and its data, an account admin can restrict access to it by adding a range of trusted IP addresses.
The organizer can export data such as profile information, event agenda, and tickets securely with password protection. They can also import data from any other system into Zoho Backstage.
If ever an event organizer wants to port all the data from Zoho Backstage to another system, they can at any point of time. Zoho Backstage does not lock in any data.
Erasure of personal data
Zoho Backstage will erase all the personal data of a particular organizer within 60 days of the initial request.
Record organizers' activities
Keep track of all activities performed by your team (the event organizers), such as addition, deletion, or modification of any element in the event. Be aware of every change that happens in the system.
How can event organizers stay compliant using Zoho Backstage?
Handling customer data securely while keeping the regulations in mind is a tedious task. That's why we've worked to ensure that Zoho Backstage takes care of all the regulatory necessities for you to be GDPR-complaint while handling attendee data.
Right to access
Zoho Backstage gives event organizers an option to let their attendees request information of all their data stored in the product. Our advice to organizers within or outside the EU region is to keep this option available so that people can submit a request to access all their information. On request, all the information will be archived and the event organizer can share it with the attendee.
Right to rectification
If at any point of time an attendee wants to add/modify any personal information, they can do so by simply logging into their account and editing the appropriate field.
Right to delete personal information
Zoho Backstage provides an option for attendees to request that organizers delete or anonymize their data from the event website. On approval of this request, the data will be erased or anonymized within 30 days from the date of approval.
Transparency of data processing
Event organizers can set up automated emails during various points of the event, starting with registration, using Zoho Backstage. However, if prospects who've signed up but not purchased a ticket to the event want to opt-out or unsubscribe to all the event related promotional emails, they can. The organizer can choose to ask for consent to send these emails early on during the signup.
Important note regarding third-party integration
If you are integrating with any other third-party tools, please take a look at how they are responding to the GDPR to make sure you are taking the right steps to be GDPR-compliant.
Disclaimer: The information presented herein should not be taken as legal advice. We recommend that you seek legal advise on what you need to do to comply with the requirements of GDPR.