5 myths about GDPR and what you need to know

The MICE industry collects data in huge quantities so a major shake-up in data privacy means businesses will be forced to change.

The general data protection regulations (GDPR) - which become law from May 2018 - mean that new ways must be found to collect and store data for clients. There are significant challenges to face in terms of mitigating risks to companies, and in terms of best practices for data management.   

Bruce Smith, chairman of the NorthPointe Management Group, said: "GDPR is all about the individual’s privacy. It is designed for the individual to have better control over their own information. It takes it out of the hands of corporations and places it more with the individuals.

"It also tries to create a unified set of rules across borders, so that multinational companies are following a consistent set of regulations. Those are some of the core principals, and it does affect people in the EU no matter where they are based."

 

Smith is keen to stress that while the legislation kicks in from May, companies should start working on it straight away, because it will take time to implement.

"It takes effect in May, be sure that you start working on it right away, don’t wait until the last minute because it will take you some time to get ready," he added.  

"Businesses will need to capture what they are doing, and what data they are collecting, in order to map it out; what’s the best procedure, how long they need to keep that data and so forth."

Smith cited a recent presentation by Barrister Dean Armstrong, Queen’s Counsel, of Elias Partnership on the five myths of GDPR.

 

5 myths about GDPR

  • There is a definitive answer for GDPR

"There isn’t," explains Smith. "It is a principle-based set of regulations. They set out the principles, but they are subject to interpretation. There are going to be challenges to this, there will be lawyers who will try to sue on their clients’ behalf. Not only on a corporate basis but also on an individual basis. Make sure that you have your policies down."

  • GDPR will only affect compliance departments

"Many businesses don’t have a compliance department, but it’s going to affect the entire company. At the core of this is the sanctity of someone’s data. You will have to get explicit consent from people to capture their data and retain it, and you can only retain it as long as it is necessary. It’s very different to what we have done in the past. Make sure you are good custodians."

  • GDPR is all about the data hacking

"It’s not. It’s a holistic approach to data management. This is where the best practices come in. Ask if you are collecting the right kind of data. Are you collecting more than you need to? Does everybody really have to have every piece of information, or are there ways in which you can separate out that information? Excel spreadsheets are no longer going to be acceptable. We are going to have find different ways to be able to do that."

  • GDPR can be dealt with easily by buying technology

"There is a myth that there will be a lot of technology solutions out there that you can buy. There will be a lot of companies telling us that all of their systems are GDPR compliant. Well, nobody is technically GDPR compliant right now because it hasn’t actually rolled out yet to be tested. They may be GDPR ready, but until they have been tested in a court case or by a regularity agency, they are just ready at this point. Make sure you talk to your vendors and find out how ready they are. Those are important things to know."

  • GDPR fines are just a cost of doing business

"A lot of people in this industry think that because they are small or medium-sized businesses, that they will fall under the radar. But the answer is that you won’t. They will be looking for it and all it takes is one person to report you and then you will have to answer to the regulatory agency in your country. Please take it seriously. In addition to the fees that you will have to pay, keep in mind that the loss of your reputation will be more damaging than maybe the cost of the fine." 

Bruce Smith was talking at IBTM in Barcelona.

If you’re interested in GDPR, don't miss C&IT’s special GDPR roadmap series of events that is kicking off in March. 

 Click here for more information and how to book.


Have you registered with us yet?

Register now to enjoy more articles
and free email bulletins.

Register now
Already registered?
Sign in
London calling: A look at what's new and forthcoming in the capital

London calling: A look at what's new and forthcoming in the capital

Hotels, venues and activities that should be on your radar for future London-based events.

Double acquisition for Gray Dawes Group

Double acquisition for Gray Dawes Group

Acquisitions include INC. Travel Group's corporate and marine businesses and the purchase of VIP Leisure Travel Ltd.

Love is in the air for one in seven event attendees, report claims

Love is in the air for one in seven event attendees, report claims

Research by Cvent and Edelman Intelligence finds 14% have met a significant other at a B2B event.

The advantages of being a second tier city

The advantages of being a second tier city

There are benefits to not being the capital, says Bas Schot, head of congresses and events at the Hague Convention Bureau.

What to do if a disgruntled event attendee threatens legal action

What to do if a disgruntled event attendee threatens legal action

Keystone Law's James O'Flinn discusses your options and how to prevent this happening in the first place.

Speakers announced for C&IT Northern Forum

Speakers announced for C&IT Northern Forum

New event takes place between 25-26 April at ACC Liverpool, with inspiring sessions from industry leaders.

Why personalisation is the key to measuring an event's success

Why personalisation is the key to measuring an event's success

Mike Leeson, general manager Europe at ETM, explains why ROE may be a better measurement than ROI.

Oman to welcome IGRC in 2020

Oman to welcome IGRC in 2020

Sultanate to host the International Gas Union's 16th International Gas Research Conference at the Oman Convention & Exhibition Centre.

Events company faces legal action from makers of video game Fortnite

Events company faces legal action from makers of video game Fortnite

Epic Games issues claim against Exciting Events after widely criticised event in Norwich.

Diary of a delegate: Beautiful Bergen

Diary of a delegate: Beautiful Bergen

A three-day account of the C&IT A-List FAM trip, in partnership with Visit Norway.

LATEST JOBS