Meetings Blog May 25, 2018
Are you prepared for GDPR? Do you know how it is going to impact on your meetings and events? Let us give you an overview of what you need to know to stay ahead of the new EU regulation… it’s something you cannot afford to ignore.
The General Data Protection Regulation, coming into force on 25 May 2018, is an upgraded version of the data privacy laws already in place. It is stricter, and carries with it heavy fines for companies that are non-compliant. It will almost certainly change the way you collect and use EU attendee data and how you store that information. Even if you are based, or organizing an event outside the European Union, you will still be impacted if collecting data on citizens or residents of the EU.
Consent – attendees will need to give their consent (active rather than passive) to allow their data to be stored and you must ensure it is clear they know how it will then be used.
Transparency – any data records stored by your organization can be requested to be seen by the individual concerned and this must be provided within 30 days.
Individual choice – if an individual asks for their third-party consent to be removed, their stored data to be deleted, or a copy of their records to be sent to another organization, you must oblige.
Security structures – all systems and processes within your organization must have stringent security measures built in and for certain companies a Data Protection Officer will be required.
72-hour response – if a security breach is identified, the data protection authorities must be informed within three days otherwise fines could be imposed.
Although many of the required changes to your company’s internal workings will be in the form of system upgrades, as an event planner or booker you play a key role in moving to what will become the ‘new norm’.
For example, do you have a clear and simple way of capturing and storing consent from your attendees and speakers? Also, are your registration forms clear about active consent rather than the more elusive ‘opt-out’ choice? You will need to consider who in your organization has visibility of the personal data held, and how to ensure that lists (whether paper or digital) are never left unsecured or shared with the wrong people. If you are provided with contact lists from a third party then remember that you’ll need to take steps to get the consent of those individuals if not already granted.
Making sure that everyone in your organization is aware of the new regulation is of paramount importance so, if you haven’t already put steps in place, get communicating.
So, it is clear that all event planners, and anyone using the personal data of others, need to be fully aware of the changes and put in place measures to safeguard against a breach of the regulation. Those that do have an excellent opportunity to engage further with attendees by proving their transparency in dealing with data in a secure and respectful manner, building trust for their future relationship.
Complying with GDPR may not be up for discussion, however, by looking after your attendees, regularly treating them to fantastic marketing content, and always delivering ‘wow’ events for them, you’re more than likely to get their consent. And with this agreement, you can continue to keep in touch as you always have…
For further information and an up-to-date source on GDPR, check out the EU’s official site.
