GDPR Compliant

Events are inherently personal. Most events require that attendees provide personal contact information about themselves to secure their registration online or to buy a ticket. Other events request more personal information so that the event organizer to carry out the event and give the attendees a more personalized experience.

This page highlights the GDPR features and frequently asked questions about how our WordPress events registration and ticketing plugin can help you comply with GDPR.

GDPR Compliance Features

No matter what type of event you organize, with Event Espresso it is easy to comply with the European Union’s General Data Protection Regulation (GDPR). For EU businesses or businesses that have EU customers, our WordPress events plugin provides several features that are important to GDPR compliance.

• Privacy Policy Page -The latest Privacy and Maintenance release of WordPress, 4.9.6, comes with many features to help your website become GDPR compliant. Event Espresso has contributed to those new features, and makes use of them in Event Espresso 4.9.62. You can navigate to the new Privacy Policy page by going to WordPress > Settings > Privacy and the click on “Check out our guide“.
• Export Personal Data – WordPress 4.9.6 allows admins to generate a report of an individual’s personal information and send it to them. In Event Espresso 4, we add the individual’s registration details to the report automatically when it’s being created.
• Erase Personal Data – Along with the ability to export data, WordPress 4.9.6 adds a tool that allows site admins to erase personal data stored in their WordPress site. When an admin erases an individual’s personal data, Event Espresso makes sure their registration data is also erased.
• GDPR/Privacy Policy Content Tool – Per GDPR regulations, site owners need to have a Privacy Policy page. By default, WordPress doesn’t collect any data from visitors unless they post a comment. However many plugins add third-party services that collect visitor data. WordPress 4.9.6 adds a Privacy Policy guide to help you create a comprehensive “Privacy Policy” page. Event Espresso 4.9.62 adds suggested text to this guide page, to help you know what Event Espresso is doing with regards to user privacy.

Upcoming Features

• Deactivate payment method logging
• Anonymize registrant IP address (as under the GDPR, a user’s IP address is considered personal data and shouldn’t be stored unless explicit consent is given)
• Consent Checkbox – For GDPR compliance, users should consent to your website’s privacy policy before you store their data. To do that, in the registration form on your website, you should display a short message informing verifying they understand and consent to your privacy policy. You can currently create a custom question to do this, but we want to make things even easier by adding the checkbox and link for you.
• Easier Registration Data Removal – GDPR encourages “Privacy by Design” which, in a nutshell, means don’t store any personal information you don’t need. After an event is finished, you might not need the personal information of its attendees. So we’re going to make it easier to remove an expired event and its attendees from your system.

Common Questions About GDPR and our Online Event Registration and Ticketing Plugin for WordPress

Here are a few common questions we’ve gotten about GDPR and Event Espresso:

Do I have to comply with GDPR even if I’m not in the EU?

Yes, GDPR applies to all companies that control and process EU data, no matter where your business is located. That includes you if you collect the email addresses of any EU citizens. As a website owner, you may need to follow national or international privacy laws. For example, you may need to create and display a privacy policy.

Does the Event Espresso Team have access to registration data on my website?

No, the team at Event Espresso does not have access to registration data or records stored on your website. The only time someone from our team would have access to those records is if you purchase a support token and you permitted us to login to your website, at which time you would securely share a temporary set of credentials with our support staff.

Does the Event Espresso plugin share registration information with a third-party service?

No. Out of the box, the Event Espresso plugin does not share registration information with any third-party service. However, Event Espresso can be modified, by way of add-ons, extensions, or custom programming, to share information to a third-party service, such as MailChimp and Infusionsoft.

It can also be said that if you are using a payment gateway, such as Authorize.NET, PayPal, or Stripe accept paid registrations or sell tickets, then mostly, you are sharing relevant registration information with a third-party service.