GDPR // Ticketing System Readiness Series
How are leading systems responding to changes in EU Data Protection? In the latest in this series we take a look at SRO by SeatGeek Enterprise
SRO by Seat Geek Enterprise
SRO, or SRO4 until recently, is an enterprise ticketing platform used by a range of entertainment, sports and attraction clients around the World.
SRO empowers their users through a variety of tools to allow them to configure data collection, customer flows and experience, using their cutting edge ‘Rules Engine’ to shape these experiences.
What we saw
During our session, we examined the online customer experience using the eSRO module (the out-of-the-box) online experience, in addition to this we walked through gaining consent in a face to face transaction using a number of the interfaces that Seat Geek offer, including their intuitive touch screen interface.
Great to see
It sounds old fashioned but we have loved seeing the ‘Ask me later’ feature as part of this process, several systems have it and SRO is in that select group. Even as venues push towards GDPR compliance they must not lose sight of the fact that customers (and staff) are busy people – someone not being asked or not positively giving their consent is not the same thing as them saying ‘NO’. The use of ask me later functionality or even recording that no answer was given allows the question to be foregrounded in a later transaction.
What we didn’t see ……. but is coming
Seat Geek’s large development team have prioritised the delivery of tools to seek what we will describe as ‘basket content specific permissions’. Given that SRO allows an almost unlimited number of levels of permission venues could choose to create a new level for every visiting show or company, however the end user or operator would not be directed to which ones were relevant for the current purchase.
EDIT: We have recently seen a beta version showing this.
Transition Services and Issues
As part of Seat Geek’s commitment to providing a high quality service to their clients, they have embarked on a series of education sessions with all helpdesk staff on both the issues and different basis for processing approaches. With a number of tools to export, import and manipulate data within SRO users may choose to undertake tasks themselves or engage with the helpdesk
SeatGeek Enterprise are also planning training sessions on new tools and ways of working with SRO / GDPR in the new year.
Issue to consider
Currently in SRO there are two levels of permission on a customer record – first ‘XYZ can contact m’ and then communication specific preferences. Putting ourselves in the consumers position, will then realise that if they tick the ‘first’ box that they also need to give the granular permissions for each type of communication? As businesses, we are aware of our obligations, but I am not sure consumers will be aware of it. It may be necessary to think about online forms are labelled and worded.
Stand out feature
SRO has one of, if not perhaps the, best auditing engine we have seen in any system, certainly as part of this series of reviews. It is in a select few systems that audits EVERY field, recording both the before and after values, along with date and time stamping. What does this add to a venue’s drive towards compliance? Simple, your consent based opt-in says ‘We would like to contact you about upcoming shows’ – people opt it. Someone then changes that phrase to read ‘We would like to contact you about upcoming shows, restaurant offers and send you membership offers’ – people opt in. Which people saw message 1 and which saw message 2 when indicating their consent? The fact that SRO audits that change, their users are in a select group that could demonstrate the exact message a customer saw when giving consent.
SRO’s powerful database is its key strength in providing tools to achieve GDPR compliance. If relying on consent as a basis for processing, it is vital that where, when, who and whats are all recorded and easy to produce if ever needed. Still some pieces to add to the jigsaw but SRO has the key pieces in place to build on.
This article gives information in relation to what we consider to be best practice. However, compliance is context and fact sensitive and as such following any guidance does not guarantee regulatory or statutory compliance.
The Information Commissioners Office will judge any complaint on its own merits, and organisations in need of context or situation specific legal advice should seek it from an appropriately qualified source.
This work has been made possible by support from Arts Council England