What event planners need to know about GDPR

'Now is the time to become GDPR compliant' says Nicola Rossetti, vice president of European Markets at etouches.

Image credit: iStock
Image credit: iStock

Nicola Rossetti is an expert on data protection and the upcoming GDPR changes happening on 25 May 2018.

----------------------------------

Data collection plays an increasingly important role in the events industry. The more personal data event managers can collect about the people who attend their events, the better they can customise the event experience, as well as future products and services.

But there is risk associated with the collection and handling of all that data. That is why the EU approved the General Data Protection Regulation (GDPR), which goes into effect on 25 May 2018.

For event planners, this means the personal data of EU citizens who attend their events or work in their companies must be handled in compliance with GDPR.

What is GDPR and why does it matter?

GDPR replaces and improves upon existing regulations, notably, the EU Data Protection Directive of 1995, and addresses developments in mobile and cloud technology. GDPR also combines various existing regulations into one harmonised and simplified set of rules for all EU nations.

GDPR gives EU citizens more insight into, and control over, how their personal information is collected and used. To ensure this, GDPR adds significant fines and penalties for non-compliant data controllers and processors of up to 20 million Euro or 4% of annual global turnover, whichever is greater.

Managing event data under GDPR

Event planners and agencies are data controllers. That is, they collect and control the personal data of their customers, in this case, event attendees. As data controllers, event planners must be prepared to perform the following processes in compliance with GDPR:

  • Discover: Identify where personal data transit and resides in your ecosystem.
  • Manage: Document how personal data is used and accessed.
  • Protect: Prevent data breaches through data security technology and practices.
  • Reveal: Give EU citizens access to, and control over, their data.
  • Report: Track related event data to comply with regulator’s audits.

Because customer data is typically shared across multiple functions, such as sales, marketing and event management, compliance requires cooperation by the entire ecosystem of technology solutions, partners and employees with access to the data.

The role of technology vendors in GDPR compliance

Data processors – the technology vendors that process the data owned by the event planner – play a significant role in GDPR compliance, although the onus is on the data controller to define GDPR requirements to their technology partners.

Under GDPR, data controllers appoint a Data Protection Officer (DPO), responsible for ensuring compliance with GDPR. Vendors are also required to provide adequate staff training in principles of data protection and must employ a variety of encryption technologies to alleviate the risk of noncompliance, data breaches, security failures or lack of reactiveness.

While a good data processor will support adherence to GDPR standards, it’s worth noting the more solutions and vendors an event planner uses, the higher the risk to data security and non-compliance. Comprehensive technology platforms and end-to-end solutions can help alleviate the burden of compliance.

Now is the time to begin the journey to GDPR compliance

Meetings and events are highly exposed to complex data collection and management, which makes compliance with GDPR a must. Considering many 2018 events are already in the planning phase or have even opened registration, there is no time to delay. The road to GDPR compliance can be long and complex. All corporate and agency planners should begin the process now to ensure compliance before their next event takes place.

Disclaimer: This content is intended to convey general information only and in no way constitutes legal advice or opinion. 


If you’re interested in registering for the 2018 C&IT Corporate Forum, find out more here.

Have you registered with us yet?

Register now to enjoy more articles
and free email bulletins.

Register now
Already registered?
Sign in

48 hours in... Istanbul

48 hours in... Istanbul

From a boat tour on the Bosphorus Strait to rooftop belly dancing, here are our top picks for two days in the Turkish city.

ILEA UK's new board announced

ILEA UK's new board announced

The International Live Events Association says it aims to be an inclusive and inspiring global community during a 'challenging time'.

LIVE UPDATES: Morocco to start reopening borders

LIVE UPDATES: Morocco to start reopening borders

Find out which countries are on partial or national lockdown, what travel restrictions are in place and what size gatherings are allowed.

Smyle appoints new managing director

Smyle appoints new managing director

Creative agency reshuffles its senior leadership team to support its new virtual and hybrid events business.

Hospitality industry welcomes VAT reduction in chancellor's summer statement

Hospitality industry welcomes VAT reduction in chancellor's summer statement

MICE sector continues to wait for further clarification on financial support and a date for restarting live events.

How have event apprenticeships been affected by coronavirus?

How have event apprenticeships been affected by coronavirus?

A group of apprentices share their experiences of learning about the industry during lockdown.

RSVP podcast Ep6: Jessica Rabbit, fraudsters and sleeping in army trucks

RSVP podcast Ep6: Jessica Rabbit, fraudsters and sleeping in army trucks

This week's special guest is Julia Charles, managing director of Julia Charles Event Management.

'Working on the inaugural Invictus Games was amazing'

'Working on the inaugural Invictus Games was amazing'

A-List 2020: Rachel Douglass is a senior event manager at Yellow Fish.

Venues #LightItInRed to show support for events industry

Venues #LightItInRed to show support for events industry

Campaign to draw attention to struggling events businesses and employees lights iconic buildings red.

Dear C&IT: Graphs and data are useful but they can’t measure feelings

Dear C&IT: Graphs and data are useful but they can’t measure feelings

Metrics are great but don't forget to create a memorable experience, says Phil Staines from FIRST.