GDPR and events – is your team ready?
GDPR AND EVENTS – IS YOUR TEAM READY?
In response to the rapid growth of technology, next year, new legislation will significantly modify the way we can collect, store and use personal data. And, ensuring compliance could be a minefield for even the most seasoned of event professionals.
To make matters worse, many people in the events industry still aren’t aware of the forthcoming changes. And, those of you that are can’t have escaped the horror stories about how breaches will lead to havoc, madness, and eye-watering fines (up to €20 million or 4% of annual turnover!).
But just like the much-hyped and overemphasised millennium bug, the GDPR doesn’t have to keep you awake at night.
Keen to help our clients and protect our industry as much as possible, at Apex, we’ve pulled together a handy summary to help you prepare for the changes. Of course, we can also remove the headache entirely by managing that all-important event data for you, with best in class software and practices that ensure 100% compliance.
What is the General Data Protection Regulation (GPPR)?
The GDPR is a new piece of legislation brought in by the EU. The most significant change to data privacy regulations in over two decades, its purpose is to strengthen and unify data protection for all. And, despite the Brexit vote, it will apply to businesses based in the UK.
How will the GDPR impact events?
The events and conference industry relies upon the sharing and manipulation of data. This includes information such as delegate/visitor data, subscriber lists, etc. We also have access to sensitive data such as name, date of birth, disabilities, etc., and we use a plethora of different tools to capture and make use of this info.
For event agencies and in-house teams, the way we manage this data will have to change. And, according to legal experts, GDPR could be as disruptive for the event sector as the “TripAdvisor effect” has been on travel[1]. So it’s no wonder that some people are getting worried!
Some of the changes include:
- Strengthening consent conditions for personal data. For example, all consent must be “freely given.” This means that it can’t be inferred from silence, inactivity, or pre-ticked boxes. Also, separate approvals must be given for different processing purposes.
- New and stronger rights for individuals when it comes to what is done with their info. For example, stricter rules on how data must be stored, and what data may be retained.
- More rigorous/additional processes such as privacy impact assessments, data protection audits, etc.
- An obligation to provide much more meaningful information to individuals about how their data will be used.
- The need to establish robust procedures for detecting, reporting, and investigating any personal data breaches.
So, companies that are still using Excel spreadsheets to store delegate information – or even antiquated online event registration software – could be in big trouble.
But disruption doesn’t have to be a bad thing (in fact, we often use it to create great events). And, businesses that take the opportunity to review how they use their data, and identify how they can legally extract and turn insights into actionable improvements and innovations could get ahead of the competition.
What can you do to prepare for the GDPR?
Nearly 50% of organisations have not made decisions about how to optimise their data management policies to ensure compliance to GDPR, and almost 30% don’t have the necessary additional resources to embrace the change.
Organisational Readiness for the European Union General Data Protection Regulation (GDPR)
With the Regulation due to come into play in May 2018, it’s vital that you act now. This includes undertaking a comprehensive audit of your data to establish the amount and type of info you have, where it is kept, who uses it, how it is used, how it is obtained, and how secure it is.
You should also speak to your event management partner to ensure that any automated event management solutions you use are compliant (or at least will be by the time the Regulation comes into force).
The Information Commissioner’s Office (ICO) website also has a range of advice and support to help you prepare.
If you’d like to find out more about how our online registration system will keep you compliant, remove the stress, boost attendance, and make your events a success, contact us today to find out more, or give us a call today on + 44 (0)1625 429370 to discuss your requirements in more depth.
For more information on GDPR and events – is your team ready? talk to Apex.co.uk