What tools does Hugo offer to meet the AVG / GDPR regulations?

From the 25th of May 2018 onwards, the General Data Protection Regulation (GDPR) will be enforced in Europe and, as we are a Dutch company, we have to abide to this legislation. On this page you will find how this affects your organization, what has changed and what will change in Hugo"s software and the required changes in your business-relationship with Hugo.

About the AVG / GDPR

Privacy is increasingly important in the current information technology era. We as people, want to know what happens to our data and want to prevent this data from ending up on the street.

The EU enforces a new privacy law: the General Data Protection Regulation (GDPR). In the Netherlands and Belgium this law is known as General Data Protection Regulation (AVG). This law provides us with the confidence that every effort will be made that our data is not being used for purposes we are not aware of.

From the 25th of May 2018 and onwards, this law will be enforced. This means that when you collect personal data, you must comply with the rules of the AVG / GDPR.

Most organizations have already started the preparations and we are happy to inform you where Hugo helps you to comply with this law. Please know that if you do not comply with the rules, the fines can rise up to four percent of your annual turnover.

The AVG / GDPR and Hugo

To understand the consequences of this law, we have divided this article into three parts:
People | Organization | Technology


This concerns for example, a user of the software, an employee of your organization or a contact that is recorded in your CRM system. For Hugo, the three most important pillars of AVG are:

  1. Transparency: companies must inform users in an understandable way about how the(ir) data is collected and processed.
  2. Right to be forgotten: companies must be able to delete personal data if the applicable person requests this and no valid counter argument can be given.
  3. Reporting obligation for data leaks: companies are obliged to document and report a data breach within 72 hours unless they can prove that the leak is not a hazard for the collected personal data.

Personal data is all information with which a person can be identified, such as a name, a telephone number, an address, an e-mail address, a date of birth, an account number, and more. Are you wondering whether the AVG / GDPR applies to your organization? It’s very simple: if you work with one of the data elements as mentioned above, the AVG / GDPR applies to your organization.

People have the right to correct their data or have it removed. In addition, each person must give specific, freely determined and unambiguous consent, with full knowledge of the facts.

In other words: for every ticket purchase, every newsletter registration, you as a company, have to explain specifically what will happen to the collected personal data. Keep in mind that this information needs to be clear and easily understandable in your Privacy Statement and please don’t forget to always ask the users explicit permission for using their personal data. Sending anyone who purchased a ticket an email for promotional purposes is prohibited. Your ticket buyers must have given explicit consent to receive promotional emails.


Service Level Agreement / Cooperation Agreement

From May 25th 2018 onwards, all Hugo customers and partners will receive a new cooperation agreement containing a processor agreement that is according to the new legislation and regulations with all rights and obligations that arise from the AVG. Some important changes are:

  • Processing agreement: according to the AVG, there is a "Processor" and a "Controller". Hugo is the Processor and its customers are the Controllers.
  • Legislation: the reference to the Personal Data Protection Act (Wbp) will be adapted to the General Data Protection Regulation (AVG in the Netherlands).

Privacy Statement

We have a Privacy Statement for both companies (our clients) as well as her end users (your clients) on the website in which we want to express the fact that we do not abuse your data or that of your customers.

Terms & Conditions

In addition to the Privacy Statement, our Terms and Conditions can be found here

Data processing

By using Hugo"s software solution, personal data will be processed, which is securely stored and made available via the Hugo back office. In the back office, the collected (personal) data is presented in the account of each client. This information can be adjusted by the clients of Hugo. If you have more questions about (for example) the removal of data, please feel free to contact us via


For the Hugo software solution, the AVG / GDPR has impact on the following:

Right to be forgotten

The "right to be forgotten" is a very strong right of the end user in the AVG / GDPR. In the Hugo system, this (or insights into data or adjustments of data) can easily be carried out:

  • Block before use. It is already possible to block data that is no longer in use. In the case of e-mail campaigns, the Hugo software does this automatically by registering recipients as "unsubscribed" when a user indicates this. These are then no longer included in new email campaigns. The use (or misuse) of this data can therefore be prevented.
  • Deleting records / subscribers. It is possible to delete records or subscribers directly within the Data Management and Fanbase Management. Note that people"s data could be in multiple places and deleting really means really deleting. Once deleted, that data can no longer be retrieved.

Data portability

The GDPR pays a lot of attention to this and this has everything to do with being able to export personal data so that they can be re-used in other situations. The current possibilities in the Hugo software, such as reports via PDF and / or XLS or CSV are sufficient to comply with the legislation.