The General Data Protection Regulation (GDPR) will come into effect on 25th May 2018. Are you ready?
This new data regulation constitutes the biggest change to the data protection regime in the EU since the 1995 Data Protection Directive. It will change how you arrange, market, attend and follow-up events.
With so much technical information surrounding GDPR, event professionals could be forgiven for feeling overwhelmed. However, GDPR doesn’t need to be scary and, in fact, with careful planning and a good strategy in place, GDPR will make the events industry more efficient with its data. Here we answer some of the key questions event organisations are asking us.
Which Organisations will be affected by GDPR?
Any organisation collecting and processing data on European citizens falls under the new regulation. Event companies hosting events in Europe or with events hosting European citizens, regardless of where they are taking place, will need to adhere to the GDPR.
Organisations not able to show they are complying with GDPR principles face large fines of up to €20m or 4% of annual worldwide turnover.
What does GDPR mean for the events industry specifically?
The events industry uses so many different data collection tools to gather and analyse information on attendees that the amount of data being accumulated is growing at an exponential rate. This new European legislation brings in many fundamental changes to how exhibitors and event organisers collect, store and utilise event data.
The new regulations require the industry to maintain records of the personal data held, where it came from and who they share it with. Current regulations require event organisers and exhibitors to give out certain information when collecting personal data, such as how they intend to use the information, yet the new regulations bring with them a much larger list of requirements.
GDPR also means the events industry must explain their lawful basis for processing the data and also divulge how long they plan to keep the data.
How will GDPR affect events as we know them?
Personal data is defined as any information related to a person or ‘data subject’ that can be used to directly or indirectly identify the individual.
It can be anything from a name, email address, photo, or computer IP address to more detailed information on medical conditions, dietary requirements and social media posts, even photos of attendee badges displaying individual QR codes fall into the category.
Registration companies must provide detail around how they will store and process any data obtained at events. Any data event companies hold onto must also only be used for the intended purpose.
GDPR In Action at Your Events
What right would an exhibitor have if they exchanged business cards with a prospect? Can that prospect be used in their marketing database?
Tradeshow exhibitors collecting business cards must follow up with an email obtaining consent from the recipient to be added to any marketing databases. There are many questions like these that must be answered properly to design post GDPR marketing solutions.
It’s not just about solutions and technology but also about bringing subtle changes to the organisations to build a culture of privacy and trust at every stage of your customer journey.
Where should businesses start on the road to becoming compliant?
A systematic and informed approach that will not only handle the GDPR but also boosts the confidence of the organisation to handle the required changes is a good place to start. From holding internal meetings to forming a focus group to building awareness throughout the business and a road map, the best place to begin is to start talking.
Our next blog will discuss seven steps to becoming GDPR compliant for event organisers. Acrotrend is working with organisations on their GDPR strategies. If you would like further information on the GDPR and the changes your business needs to make to become fully GDPR compliant