The General Data Protection Regulation (GDPR) came into effect in the European Union on May 25, 2018. GDPR works as a measure to update the 1990s-era efforts to protect user privacy. Are event planners ready for what the regulation’s changes to user privacy mean for the events industry?
What is the GDPR really?
Simply put, the GDPR is a set of regulations put in place to protect user data in the EU. It is intended to synchronize all the different privacy laws across the EU, and the biggest change it brings is that users must now ‘opt in’ to sharing their data. This protection stops major service providers such as Facebook and Google from storing information on a user’s ethnicity, sexual and gender identity, or political affiliations without obtaining explicit consent from the user.
Users can now also request to see all the data that companies keep on them, within a 30-day window. Under the ‘right to be forgotten’ laws, individuals can even request that all of their personal data be deleted.
Another major shift lies in the compulsory sharing of data breach information, wherein companies must inform regulators and the public about stolen data within 72 hours. This requirement is a complete reversal from the pre-GDPR era standards. Individuals must be informed if the breach is considered to pose a ‘high risk’ to a user’s rights under GDPR.
Fines for failing to comply with GDPR standards can range from £8.8 million, or 2.2% of a company’s turnover, for minor infractions, to £17.5 million, or 4.4% of turnover, for major issues.
Who is actually affected?
What can event planners do to comply with GDPR?
Event professionals need to become intimately familiar with the new regulations. The UK’s Information Commissioner’s Office is a great resource. Some of the most important steps for planners include:
- Contacting third parties and event partners to ensure compliance
Make sure that everyone you work with is complying with GDPR standards. Planners need to follow up with tech platforms, sponsors, and anyone else who could have collected user data through an event. This means not only contacting those you have worked with directly but also going one step further and checking in with any person or platform that could have collected user data, even if they were far removed from the event itself.
- Reconfirming data collection approval
Event planners, along with many other companies, need to reconfirm the use of user data with the individuals whose data they have collected. If a user declines, planners must be prepared to purge that individual’s information from their data stores. Updating privacy policies and other notices that users see around data collection is also necessary.
- Ensuring data is stored securely and safely
To avoid costly data breaches, ensure data is stored properly from the beginning. Mandating tight security is a great precaution and should include secure encryption and rigid controls over who has access to information.
As helpful as data collection can be for event planners, they need to be extremely careful that all information is collected in accordance with relevant regulations and laws. For events that take place in the EU or those that have EU citizens attending, it is essential that planners ensure their collection practices align with the GDPR.