the GDPR and Workshop Butler

Disclaimer: the content below is provided for informational purposes only. The information shared here is not meant to serve as legal advice. You should work closely with legal and other professional counsel to determine exactly how the GDPR may or may not apply to you.

As you may know, all organisations working with EU citizens’ personal data should be GDPR-compliant starting 25th of May, 2018. There are many terrific articles written about GDPR (for example, by MailChimp, FullStory or Hubspot) which we recommend reading to get more details.

At Workshop Butler, we are working in two directions. First, we are improving the platform and our internal processes to make sure they are GDPR-compliant. Second, we are adding the features which help you to operate your business in a GDPR-compliant manner easily.

On this page, we’ll publish the GDPR-related updates between now and May 25.

Product Roadmap

Below, find a list of the features we’re adding to the platform in the nearest future. We started working on GDPR-related features a couple of months ago and it’s an ongoing process. We’ll continue building and releasing them on a regular basis during the next month. We plan to ship all features from the list before 25th of May.

As we support different types of clients (knowledge brands, trainers, training companies), not every feature below may be relevant to you.

Ability to track a lawful basis of processing

There are two groups of people you can add to Workshop Butler: workshop attendees and trainers. You need to have a legal reason to use their personal data. You also need the ability to track the reason in case a person requests to see and verify the lawfulness of processing.


Workshop Attendees	As a trainer or training company, you get a legal reason to process the personal data of attendees when they register for workshops.	In Workshop Butler, you can check any time what workshop a person participated in. Currently Available
	For a knowledge brand, you get a legal reason to process the data when a person participates in a paid and/or free brand workshop.	Right now, the personal data of all registered attendees available to brand coordinators. We will change this so brand coordinators can see only personal data of attendees, participated in confirmed events. In Progress
Trainers	The process of becoming a licensed trainer or an employee of a training company is much more complicated than subscribing to a mailing list. The signed contract or licensed agreement gives you a legal reason to process their data.	As a brand coordinator, you can set a signed date of a contract/licensed agreement while adding a new trainer. You can also setup an automated license prolongation process. To give you more clarity, we’re adding a history of license prolongation with the accepted terms. In Progress For training companies, it’s up to you to track signed contracts with trainers.

Getting a consent

Under the GDPR, you may need to get an explicit consent form EU citizens regarding the data capture and how you plan to use it. As mentioned above, you should get a consent from trainers while signing a contract or license agreement with them if you’re a training company or a knowledge brand. This process is out of the scope of Workshop Butler.

It’s different for workshop attendees. There are three major points to consider:

getting a consent from attendees to use their personal data for giving information about an upcoming workshop, sending an invoice and other activities related to providing an outstanding workshop experience
getting a consent from attendees for subscribing them to your mailing lists or adding to Slack groups
getting a consent from attendees to pass their personal data (first and last name, email address) to a knowledge brand for certificate generation.


	We are adding two additional properties to attendees. a property which represents a consent from an attendee that you can use their information for invoicing and passing it knowledge brands in case of workshop participation a property which represents a consent from an attendee that you can subscribe to a mailing list It won’t be possible to add attendees without selecting property (1). MailChimp/Slack integrations will be changed to support the property (2)
API	The values of the properties should be passed to API on the registration of attendee Currently Available
Built-in registration pages	In Workshop Butler, it’s possible to customise registration forms. You can already add additional fields, including checkboxes. We’re adding a special type of checkbox representing the new properties. As for now, you will be able to add a description in HTML format for these checkboxes, giving links to your privacy policy and describing how the data will be used. Currently Available
Manual addition of attendees	There will be the checkboxes on the attendee form and the import form Currently Available
Other changes	Right now we support 2-steps evaluation process. On the first step, attendees fill in their evaluation, on the second one they provide their personal data. It’s not possible to change what information you collect in the second step. We’re changing the process completely by removing the second step. The evaluation process will look this way: You add attendees to a workshop or they register themselves You send an evaluation link to them. Each evaluation link is unique for each attendee Attendees provide their feedback which is automatically attached to them. In Progress

Withdrawal of consent

When workshop attendees register for a workshop, they signed up for a series of automatic and/or manual emails Workshop Butler and you send them before and after the workshop through the platform.


Unsubscribe link	We’re adding an unsubscribe link to all emails sent from our system to workshop attendees. By clicking on the link, the attendees can unsubscribe from further automatic messages from Workshop Butler, related to the given workshop. Unsubscribed attendees will be marked so you won’t send them a manual email by mistake. In Progress

Customisation of collected data

Under the GDPR, you must collect only the data that is needed for providing a service.


Trainers	You can customise registration form by adding or removing the fields you don’t need. Currently Available
Training Companies	We’re working on allowing you to customise registration forms as well, in a similar manner that trainer can do. Currently Available
Knowledge Brands	Right now, knowledge brands set limitations to what fields should be present on workshop registration forms. These fields include first and last name, email, address and role. Trainers cannot remove the optional one like the address or role from the forms. We’re removing these limitations, keeping only three required fields on any registration form: first name, last name and email. Other fields will be optional and can be added/hidden by trainers. Currently Available We’re hiding any personal data except first and last names, and email from brand coordinators as it’s not required for providing a service (sending a certificate, sending marketing emails, etc). In Progress

Deletion (or right to be forgotten)

Under the GDPR, people have a right to be forgotten meaning that you should delete their personal data completely from your databases on their request (with some exceptions).


Workshop Attendees	As a trainer or a company manager, you can delete any contact you have. The removal destroys all personal data, event participation history, and sent emails. Currently Available
	As a brand coordinator, you’ll be able to delete any contact you have. The removal destroys all personal data, event participation history and certificates. In Progress
Trainers	We’re adding a new functionality which allows you to delete the profile of trainers completely, including their events history, attendees, license history and etc. In Progress

Access (or right of access)

Under the GDPR, your users may contact you to request to access information that you hold on them.


Workshop Attendees	Contact profile contains all information about a person, including personal data, participated events, evaluations and certificates. This helps you to construct a response to your users. Currently Available
Trainers	Trainer profile contains a plenty of data about a trainer, including personal data, billing info, license history, ratings, and etc. You can easily find the event the trainer ran. These all should help you creating a response to your users. Currently Available

Modification

Under the GDPR, a user can request you to update the personal data if it’s not valid.


Workshop Attendees	As a trainer or a company manager, you can modify any contact you have. Currently Available
	As a brand coordinator, you’ll be able to modify any contact you have. In Progress
Trainers	Trainers or company managers can modify their personal data or the data of trainers of their companies. Due to the complexity of some use cases, brand coordinators cannot edit the profiles of trainers. However, they can reach our support team any time to request a manual change of their users. Currently Available

If you think we miss something or have a question, write to us on [email protected]