Making your staff aware of GDPR is just the first step

There's a lot to think about before the May 2018 GDPR deadline, from auditing your data to knowing your event attendees' rights.

Image credit: iStock
Image credit: iStock

The new General Data Protection Regulation (GDPR) legal framework will radically change the way business collect, process and protect personal data.

There are implications for Brexit and how non-compliance can lead to serious financial consequences companies. GDPR will apply to all organisations collecting data on EU citizens and residents, regardless of where events take place.

Events manage high volumes of personal data collection through registration forms, mobile apps, surveys and networking tools. It is vital that planners know what they can and can’t do under GDPR.

Don’t assume GDPR compliance is a technology initiative and not a business one. It may be the responsibility of your IT and legal teams to sort it all out, but event planners need to do to make sure they don’t put organisations at risk.

Crucial steps to prepare events for the May 2018 deadline

Create awareness

Make sure that everyone in the events team (as well as other departments that deal with event data) are aware that the law is changing. 

They need to understand the changes in collecting, storing and managing the personal information of people coming to events and what they need to do to keep that data safe.

Ensure awareness of the risks of non-compliance (fines up to €20 million or 4% of global annual turnover) and identify the areas that could cause problems under GDPR.

Audit your data

Find out what personal data is already held in the databases used around events, from attendee mailing lists, speakers, sponsors etc.

Planners need to know exactly where data came from and whether or not there is adequate consent from these individuals to contact them. It means pre-ticked boxes and soft opt-ins no longer count with GDPR.

Identify what systems data is stored in, when it was last used and what it was used for. You need to know if that information was shared with other suppliers and partners, including event management agencies, event technology providers). 

Check for adequate consent and that these third-party organisations are complying with GDPR.

Update consent boxes

Examine current privacy notices and consent boxes in things like registration forms, apps and websites. Plan for changes before the GDPR deadline. This includes campaigns that will run to get people to opt-in again. 

Ensure the correct type of ‘active’ consent or legally, you will no longer be allowed to contact them from May 2018. 

Companies need to explain very clearly why they are collecting information, how it will be used and ideally, how long the data will be kept for.

To share details with sponsors and exhibitors, then you need to name those organisations. Using general terms like ‘sponsors’ or ‘venues’ won’t cut the mustard.  The language you use needs to be clear and concise and easy to understand.

Know your attendee’s rights

Check processes to make sure they cover all the new rights people will have under GDPR. How would you delete all the personal information you hold on on an attendee if they asked you to do so?

The new regulations state you’ll need to respond to requests within 30 days at no charge. Would your event management system help you locate and delete the data in time?

Prepare for a data breach

This is key because it this can lead to a lot of problems if an organisation is not GDPR compliant. Ensure the right procedures are in place to detect and report the loss or theft of an individual’s data – like a delegate list.

GDPR requires all organisations to report data breaches to the ICO or other such authority, if it is likely to result in a risk to the rights and freedom of individuals. This might include identify theft, damage to reputation, financial loss and discrimination.

Keep event data safe

Show that you’re doing your best to protect the personal information of individuals and minimising the chances of it getting into the wrong hands.

Find out who has access to your event data – both within your own organisation and the third-party suppliers that process data on your behalf. This would include event tech vendors, event management agencies etc. Have a look at their data security policies.

Appoint someone to own GDPR

Regardless of whether your organisation needs one, have someone from the events team take ownership of GDPR and compliance.

 

More detailed information can be found in the eBook 'The Event Planner’s Guide to GDPR Compliance’ published by event management solutions expert eventsforce.

 

Read: What event planners need to know about GDPR

Read: 5 things companies must do to be GDPR compliant

Read: Brexit doesn't change the need to comply with GDPR

 

For more features and breaking news sign up to C&IT Magazine's daily News Tracker.

Have you registered with us yet?

Register now to enjoy more articles
and free email bulletins.

Register now
Already registered?
Sign in

Andrew McCorkell recommends

5 myths about GDPR

Read more
Kimpton Blythswood Square Hotel opens in Glasgow

Kimpton Blythswood Square Hotel opens in Glasgow

Luxury hotel has 113 rooms, a Bo & Birdy restaurant and bar and private roof garden with views of the city.

'I'm fortunate to work on events that you sometimes have to pinch yourself at'

'I'm fortunate to work on events that you sometimes have to pinch yourself at'

A-List 2019: Michael Charles, creative director, Julia Charles Event Management.

Why an acquisition is a bit like a first date

Why an acquisition is a bit like a first date

Co-founder of FIRST, Mark Riches, explained why not all M&A activity is a success at the C&IT Breakfast Briefing.

C&IT Wellness Report hub is now live

C&IT Wellness Report hub is now live

Subscribers can read the entire report online now, which has been created in partnership with Stress Matters.

Dublin: A serious place to do business and a great place to relax

Accessibility, good value for money, excellent service, top-notch hotels and venues, history and culture and quality food are all key factors for event planners when deciding on where to host their event. And Dublin is a destination that ticks not just one or two, but all of those boxes and more.

Who are the fastest growing event agencies?

Who are the fastest growing event agencies?

Based on our annual Top 50 of UK agencies, we've crunched the numbers to see whose event-based turnover is growing rapidly.

'Young people bring new energy and thinking, and are in touch with what's going on'

'Young people bring new energy and thinking, and are in touch with what's going on'

A-List 2019: Steve Catling is the director of Hippo Events.

Strata appoints client services director and head of incentives

Strata appoints client services director and head of incentives

Agency makes three further hires including a junior designer, event operator and warehouse manager.

New business development director for Set Creative

New business development director for Set Creative

Nick Tether joins the agency from Exterion Media and will focus on growing the business.

Download the full State of the Industry: Corporate Report

Download the full State of the Industry: Corporate Report

Topics from the 2018 report include how events budgets are changing and what corporates want from event agencies.

LATEST JOBS