Swapcard and GDPR

Are you compliant with General Data Protection Rules (GDPR)? As of May 25, 2018, a new data protection framework expands EU individuals’ privacy rights. No matter where you’re located, GDPR places important new obligations on organizations that track or handle personal data. That means you - event organizers and planners - and us here at event platform Swapcard.

Hold on. Take a deep breath. We’re here to help. How? Through Swapcard’s robust privacy and security protections we make sure your attendees’ data are safe - and so are you.

Why We Care

We’ve always had comprehensive policies and procedures for ensuring we store and process personal data in a secure way. But GDPR means we’ve been reviewing and updating best practices as well as conducting internal training.

Swapcard welcomes the GDPR. For us, it’s an opportunity to deepen our commitment to data protection. For you, it means there are nine bases you need to cover. And this is where we come into the picture.

How to Comply in 9 Steps

1. Here are the key changes that GDPR entails for event organizers and planners - and how we respond and comply.
2. Attendees must opt-in when they register for an event. This means they agree their data will be stored and accessed for three years by you - the organizers - and us.
3. Opt-in forms, the dates when they were completed, and their sources must be tracked and saved.
4. After three years, that inactive users’ details should be removed and deleted from the database.
5. Attendees’ data will not be exchanged with or transferred to any other organization or company.
6. Personal data will not be used for commercialization purposes. This means organizers can contact attendees through the app like any other participant, but we will never share the full attendees’ list.
7. We’ve updated contractual terms and conditions to redefine responsibilities and liabilities concerning personal data. The result is clearer rules for managing personal data and definitions of each party's accountability
8. We introduced new technical measures to ensure security matches data risk. By monitoring trends in user/system activity, we are now better positioned to identify anomalies in human/machine behavior. This means we are better prepared to detect unauthorized actions which may be linked to a data breach.
9. These updates will allow Swapcard clients to easily publish their privacy notice and collect consent for their use of participants’ data – and prove when consent was provided.

These Recommendations Are Not Legal Advice

A final reminder: the above information has been provided to help you better understand Swapcard’s position on the GDPR and how we’ll be supporting compliance. However, the information in this article is not legal advice. For many businesses, coordinating with legal representation is the best way to prepare for the GDPR.

Trusted by more than 1000 event organizers, Swapcard is one of the most secure and reliable event engagement technology platforms on the market.

Learn more about our security features and policies on our data security page. Or just feel free to schedule a chat with someone from our team.