Swoogo welcomes the new security and data protection requirements that the GDPR adds, and we ensure that we fully comply with these regulations, which have been enforced since May 25, 2018.
In order to help you comply with GDPR, we’ve added the following options in the system:
Personal Information Field Setting: We’ve added a field setting to all event and contact level fields that allows you to note specific fields as Personal Information, to save you the step of adding that yourself.
Right to be forgotten/Request for access: One of the main parts of GDPR is a “right to be forgotten”. You could do this currently, but you would need to delete each registration record and contact record. Sounds easy, right? Well, we’ve added some improvements to make it easier for you to gather and overwrite personal registrant information.
These options are available for you to use as you best determine; however, they will need to be activated and set up by you in your account and on your events.
Swoogo is the data processor; however, you are the data controller in the context of GDPR and data protection. Swoogo allows you to add whatever questions you want to the registration flow, and you can set key metrics such as defaults for questions and whether a question is noted as containing personal information. This is critical for GDPR, especially given that you have to let registrants know in what capacity you will be holding and using their data.
We are unable to advise you on explicit use cases (we’re not lawyers), but we have added the ability to allow you to comply with GDPR regulations.
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union, and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It aims to primarily give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
Swoogo is a PCI Level 1 compliant software solution with a firm and robust commitment to the privacy and security of all customer and registrant data. Our protection includes:
Externally audited, documented security processes and policy.
All protocols used for data transmission are secured using high levels of encryption.
Data is stored on an internal network, logically and physically separated from the internet behind multiple layers of protection.
Data is secured at rest and in transit.
Privileged access requires two-factor authentication.
Our servers are located in the AWS-Ireland (EU/Ireland) Region (AWS CloudFormation).
Swoogo sets the following cookies by default:
PHPSESSID: Tracks your session across the registration process.
Cross-Site Request Forgery Token (CSRF): Security validation performed before a form is submitted, to ensure that the original viewer is the form submitter.
Cookie Consent Status: Tracks if you have consented to the system-generated cookie alert popup by dismissing the message.
If you have any questions concerning Swoogo’s GDPR compliance efforts, please contact [email protected]