Is your control room GDPR compliant?

Companies are under more pressure than ever with regard to how they handle data. In the wake of the Cambridge Analytica Facebook scandal, privacy laws in the EU have been tightened to the point where anyone who deals with data is running scared. While the GDPR laws have been adopted by many since 2016, for a lot of businesses, this is the first time they’ve heard of them. Many companies are still unclear on how the laws, which came into full effect on May 25th after a two-year transition period, impact them.

Vital Facts on GDPR

While this is an EU law, it applies extraterritorially, which means it protects the privacy of all EU citizens regardless of where they are located in the world. It sets out strong data protection and digital privacy rules that govern how data is collected, stored and leveraged.

So what does GDPR legislation mean for you? It means that even if you are a company operating outside the EU, if you are collecting data on your customers or patrons in any way, you need to follow the laws.

Thankfully, you’re allowed by law to collect data for public safety and “the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security”.

The legislation also states, “The controller shall implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation.” That means you can no longer simply rely on handwritten notes or Excel spreadsheets when logging incidents. You legally need to show you’re using ‘appropriate technical and organisational measures’.

The law goes on to say, “Each controller and, where applicable, the controller’s representative, shall maintain a record of processing activities under its responsibility. That record shall contain all of the following information:

  • the name and contact details of the controller and, where applicable, the joint controller, the controller’s representative and the data protection officer;

  • the purposes of the processing;

  • a description of the categories of data subjects and of the categories of personal data;

  • the categories of recipients to whom the personal data have been or will be disclosed including recipients in third countries or international organisations;

  • where applicable, transfers of personal data to a third country or an international organisation, including the identification of that third country or international organisation and… the documentation of suitable safeguards;

  • where possible, the envisaged time limits for erasure of the different categories of data;

  • where possible, a general description of the technical and organisational security measures.”

That’s just the tip of the iceberg. There’s a lot more to consider, so it’s worth reading the full legislation on their website.

It’s complicated – especially for the managers of crowded events – but don’t worry, there is a simple solution.

Event management software from Chronosoft is at the forefront of data security and is 100% GDPR compliant.

Chronosoft’s commitment to data privacy, along with the strong privacy and security it builds into its products, means that you can confidently log all incidents at your event while remaining compliant with GDPR.

Further, the accurate, time-stamped reports provided by the system, combined with its data management practices, can be key in showing you have implemented appropriate technical measures to control and manage the data you have gathered.

In the event that an EU citizen requests access to their data, requests to be removed from records, or requests any other action under GDPR, event management software from Chronosoft is ready and able to comply.

Chronosoft is completely transparent about what data is collected and provides local storage in most client jurisdictions. By ensuring its operations are GDPR compliant, it helps clients maintain their own GDPR compliance and protects them against the threat of costly litigation.
