Like Brexit, talk of the ‘ever looming’ GDPR dominated inboxes for much of the first half of 2018. On a personal level, dealing with an onslaught of emails with the familiar “we are updating our privacy policy” subject line was somewhat overwhelming. On top of this, the impending May 25th deadline affected many businesses, leaving some scrambling to appoint a DPO whilst others made gallant efforts to cleanse their CRMs. All of this was done in a bid to prove GDPR compliance to the relevant supervisory authority, should they happen to come knocking.
Just when you thought talk of the GDPR was over…
So, almost a year later, it is understandable that this 4-letter acronym is the last thing event managers and marketers want to hear about. You deal with data all the time. You know what you can and can’t do. The frameworks are in place and all the effort that needed to be made for your organisation to become compliant was done last year… right? Well, not quite. GDPR compliance is not a tick-box exercise to be done and moved on from. It’s something that must be carried out daily by all members of the organisation, especially the marketing and events teams. It is often this day-to-day implementation of the frameworks and policies that can catch people out and leave you falling foul of data protection and security requirements when running your events.
Surely everyone knows by now what not to do?
You would think so. But it’s the detail of what is acceptable versus what is considered a breach that continues to cause confusion. Does your attendee data have to be hosted in the country where it was collected? Or is it the country where your business is based? Or is it the country where your attendees live? Can you still receive or share attendee data with a third party, like a supplier or venue? Do you need to get double opt-in consent from attendees to connect with them after your events? These are some of the questions that are still floating around and, for many, they remain largely unanswered.
In the confusion, there are instances where data breaches easily happen simply because planners continue to do what they have always done…
What can be done to maintain compliance?
Understand your responsibilities when it comes to data protection. Recognise what constitutes a data breach and continuously review your suppliers to ensure their data policies and procedures are in line with the GDPR. When it comes to storing personal attendee data, including everything from dietary requirements and allergies to content preferences and data consent choices, ensure your event technology solution is not the weak link in the chain.
To get the answers you need, watch our webinar “Data security and compliance: Beyond the GDPR”, where we covered:
- Your role in data compliance as a data controller
- Where your event data should live
- Common data vulnerabilities in the event management process
- Data compliance practices you should expect from your suppliers and partners