How will the GDPR effect the Events Industry?

The GDPR (General Data Protection Regulation) is coming, and it is going to change the way privacy and data protection is handled throughout Europe (and in the UK post-brexit, at least until and unless it adopts something else).

The GDPR will apply to 1) every organisation in the EU and 2) every organisation in the world which holds any data on EU citizens. If you are a part of the UK events industry, you belong to one (or both) of those groups. Simply ignoring it and hoping it goes away is clearly not an option. Yu need to determine what the GDPR expects from you, and how to get compliant in time.

What Is the GDPR?

The GDPR is big and ground breaking, but not terribly complicated from our point of view. Beginning on the 25^th of May, EU citizens will be entitled to a great deal more control over their data and how it is used, and will impose harsh financial penalties for organisations who do not comply with its requirements.

What Does the GDPR Have to do With the Events Industry?

Data is being collected and used now at a rate that was literally unimaginable just a few years ago. This is as true for the events industry as for any other. Mobile apps, attendee registration services, apps and social media all gather and analyse user data, and funnel it to our systems for analysis.

Much of this data is classified as ‘sensitive’. You might have the name, contact phone number and employee data of every delegate and attendee who ever visited one of your events. You might also have data on their sex or gender, their dietary habits or even their disability status. Much of this data is still fair game for data-driven marketing efforts, and much of it isn’t.

If you’ve hosted an event in Europe, or if you’ve ever had an EU citizen attend one of your events (statistically, all but a certainty) then the way you collect, store, protect and share that data could well come under the microscope. The GDPR also applies to your technology providers who deal with this data whether they know it or not.

How to make sure the GDPR doesn’t hurt your events

Any event you’re planning which takes place after 25 May 2018 needs to be in full compliance – unless you know for certain that no EU national could possibly attend.

• Get moving on GDPR compliance that is as specific as possible to your industry and niche.
• Make sure that all of the key people in your team understand what the GDPR demands, and what their actual responsibilities are. You need everyone enthusiastically on board – and that might be the most difficult part.
• Find out exactly what information you’ll be collecting, processing or interacting with in relation to EU attendees.
• Make sure you know exactly how and where this data will be stored and processed on your end.
• Make sure you know what systems will be used to move this data. Even if data is moving from one server to another in the same room, some services could store it temporarily anywhere in the word. ‘The Cloud’ is now a dangerous concept.
• Find out what systems your technology providers will be using, and whether they are 100% GDPR compliant. It might be wise to include that compliance in your contract with them.

How the GDPR actually helps you

The GDPR replaces laws that did not consider the impact of the internet and the ways modern companies use (and misuse) data. The intention was to establish a clear, simple legal framework for holding and using customer and client data, and a single standard rather than a confused raft of local country laws.

The laws that applied earlier were simply a mess. It was rarely clear exactly what duties companies owed to the subjects of their data, and it was all too easy to run afoul of something unexpected. The burdens might seem imposing at first, but at least they are clear and unambiguous. You know what your duties are, and exactly how to achieve them.

Are you GDPR ready? And what are the challenges as you have seen them?