Whether you sell tickets or not, it is likely that you gather and hold information about your audiences and participants, board members and employees – but how well do you know your responsibilities and obligations?

The Information Commissioner’s Office (ICO) ran a surgery session at our Future of CRM and Ticketing event that helped attendees understand their legal commitments. There are 8 data protection principles that can be used to guide any data protection questions or queries, and these are mainly common sense!

1. Personal information must be fairly and lawfully processed
2. Personal information must be processed for limited purposes
3. Personal information must be adequate, relevant and not excessive
4. Personal information must be accurate and up to date
5. Personal information must not be kept for longer than is necessary
6. Personal information must be processed in line with the data subjects’ rights
7. Personal information must be secure
8. Personal information must not be transferred to other countries without adequate protection

The ICO session was designed to be very flexible and respond to current issues that surgery participants raised as real-life examples.  This included best practice around customer databases; analysing audience data for research purposes; sharing information with other organisations; and improving direct marketing strategies. Some of the questions raised on the day were:

• Q – Can a phoenix organisation use a defunct organisation’s data to reach the defunct organisation’s previous customers?  A – It’s likely best to renew permissions and refresh contact details.  Even with third party permissions customers might not be aware how the phoenix organisation got their contact details.
• Q – What is the best practice for reviewing and changing marketing permissions and sign-up questions?  A – Think about how your new questions align with previous questions and use the change as an opportunity to revisit your customers’ preferences in your next interaction with them. Also be aware of  PECR (Privacy and Electronic Communications Regulations) in this case!
• Q – Any tips on how to keep unsubscribe preferences up-to-date when CRM systems are not automatically being updated by third party software? A – If your systems don’t work together you need to do this manually on a regular basis. Organisations are responsible for acting on customers’ email and direct mail unsubscribes.

Data protection is an ongoing responsibility that arts organisations need to keep on top of and the ICO surgery session helped participants to make sure they have the right policies and procedures in place to stay on the right side of the law.

The Future of CRM and Ticketing event was a full day of workshops, top tips and blue sky thinking that will provide big ideas to revolutionise your CRM activity and a range of practical fixes that you can take back to the office. In addition to the ICO’s surgery session on data protection there were sessions from CCR, Circle Interactive, PatronBase, Spektrix and Tessitura.