GDPR // Ticketing System Readiness Series

How are leading systems responding to changes in EU Data Protection? In the latest in this series we take a look at Tessitura





Tessitura Network has always had data protection features present in their software and they have worked with their European Licensees to build a more granular specification for the new privacy features to meet the GDPR requirements. These were released in the latest iteration of the software (Version 14).


Their view

As a non-profit organisation, Tessitura Network exists to serve its licensees. The development of specific privacy functions to enable the venues they work with to be GDPR compliant has been driven by close consultation with these licensees.


What we saw

During our session, we were shown the latest release of software configured for a demonstration environment. We saw the staff interfaces for viewing and manipulating constituent (customer) records and ticket orders. We did not see a live example of how this will look online as this is currently in development.


Great to see

Tessitura is one of two systems we have seen that delivers a smooth and logical data journey for collecting explicit consent for third party producers and promoters. More systems really do need to prioritise not only this compliance but delivering it this well. We saw this working in the orders and customer screen in Tessitura and it is similar to what we have seen with others in prompting for consent based on basket contents and previous permissions gained.


As you can see in the ticket orders screen above, Paddington has never been asked for these permissions and this has caused the permissions box to pop up automatically at the end of an order. If Paddington had placed something in his basket that required the staff member to ask permission on behalf of another organisation, such as a visiting, partner or funded organisation, those permissions would also automatically pop such as below. You can see that ‘Organisation B’ has been flagged for a permission because of what is in Paddington’s basket.


If a permission becomes out of date, this will also cause the box to pop up – prompting the sales person to update the customer’s permissions. There is a ‘Today’ button that can be clicked if the customer is happy to continue with the same permissions as they already have on file.


 What we didn’t see ……. but is coming

The ability to clearly see in the audit logs that permissions regarding contacts were changed, the before and after values, who changed them, in what channel, when etc. This is a much-needed piece of functionality as you will need to specifically document when, who and who gave explicit consent if your organisation chooses to use consent as a basis for on-going processing. Tessitura’s auditing already includes this information, it is the displaying of it that is in development for release shortly.


Transition Services and Issues

With an extensive consultancy offering, Tessitura have a range of services to help manipulate or update existing data sets. Although we did not see it in operation, we understand that the ‘Out of the Box’ web interface TNEW (Tessitura Network Express Web) will gain access to these privacy controls as we saw in the back office. Of course, those organisations that have developed their own web flows against Tessitura’s impressive API will need to work with their digital agencies (Apps too!) to ensure these features and functions are being fully utilised.


Issue to consider

In the set-up we saw the title of a consent strand and communication channel ie ‘Marketing – SMS’ / ‘Fundraising – email’ it was not possible for the full statement to appear in the ticket orders screen however this could easily be stored in a custom table or screen if desired. Tessitura Network staff pointed out that this would also normally form part of your staff training and monitoring. However, venues will need to consider how longer term they ensure that the questions being asked are being kept inline with permissions already gained, if they are using consent as the basis for on-going processing and communication.


Stand out feature

In addition to only being the second system to deliver great tools for data sharing, we particularly like how granular Tessitura can be at reconfirming consent. Their superb ‘TODAY’ button allows staff to simply reconfirm all existing permissions with a single click when a customer is in contact with the call centre or box office. It will be interesting to see how the web takes advantage of this feature.



Tessitura’s community based steering has led it to deliver some smart tools, with end users in mind, allowing them to deploy their own organisation’s GDPR interpretation or policies as they see fit, not as their software company sees.


This article gives information in relation to what we consider to be best practice. However, compliance is context and fact sensitive and as such following any guidance does not guarantee regulatory or statutory compliance.

The Information Commissioners Office will judge any complaint on its own merits, and organisations in need of context or situation specific legal advice should seek it from an appropriately qualified source.

This work has been made possible by support from Arts Council England