GDPR Compliance

Data management and privacy policies to keep your data safe from threats

GDPR compliance

Last Updated: Jan 4, 2019

The GDPR - General Data Protection Regulation - aims to create a new data protection regime, applicable to all organisations established in Europe and, depending on the circumstances, outside the limits of that territory as well.

When does GDPR takes place?

GDPR will require a series of items regarding data security, transparency, privacy and confidentiality. The regulation takes effect from May 25th 2018.

If your company does not comply with the legislation rules, fines can be as high as 20 million euros or 4% of total worldwide annual turnover, whichever is higher.

Who handles the data?

It is important to understand that GDPR is about 'who' is doing something. InEvent or any other software company will provide the meanings to understand where data came from, but we cannot prohibit an ill-intentioned employee in your organization from uploading a full list of contacts which you don't have permission to communicate with. In such a case, InEvent will identify who performed which action so you can apply your organization internal compliance.

Data Controllers Data Processors
It is your company It is the software you use to store and process customers and prospects data
Primary responsibility Secondary responsibility
It is responsible for security, transparency, privacy and confidentiality It is responsible for guaranteeing that the company data are stored and processed in a secure way
Collects information through forms and similar means It is responsible for security and privacy in processing the collected data

How InEvent helps?

InEvent helps your data compliance with tools to manage your customer's privacy:

Right to data portability

Customers have the right to receive their personal data from a controller in a structured, commonly used and machine-readable format so they can transfer those data to another data controller without interference. InEvent provides this through a public page where users can see all the events they are enrolled at and request their information stored on this event at anytime.

Right to erasure

The right to be forgotten is part of GDPR and users can request this at any minute during their days. Information is logged for administrative and forensic purposes. InEvent provides a public page where users can type their email address, receive a confirmation and confirm they want to be forgotten.

Consent requirements

Under the GDPR, consent must be given by a statement or a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of an individual’s agreement to the processing of their personal data. A request for consent cannot be bundled together with other terms in a contract; it must be presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language.

  • Clear opt-in forms for your leads marketing communication.
  • Fixed terms of use field for new app downloads.
  • Lead source viewable from your main event panel.
  • Email communication platform with obligatory unsubscribe button.
Data protection by design and by default

InEvent is compliant with a series of protocols, including SOC 2, which provides the Standard Operating Procedure for different cases scenarios. These documents, which include our Business Continuity Plan and Disaster Recovery Plan, ensure your data protection by product design.

Breach notification requirements

The GDPR requires that data breaches be reported to the competent supervisory authority (of the EU Member State concerned) without undue delay, and where feasible, within 72 hours of the organization becoming aware of it, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. InEvent monitors the API usage from each customer and provides a series of triggers that can be activated for your IT security team.

Data retention standard policy

Personal data is stored for as long as the contract is active after which the personal data is automatically erased by the data processor.

The complete platform for all your events

Pedro Goes

+1 470 751 3193

InEvent InEvent InEvent InEvent

We use cookies to improve your website experience and provide more personalized services to you across our platform.

To find out more about the cookies we use, see our Privacy Policy.