The General Data Protection Regulation (GDPR) is coming into effect in May 2018, and it's going to change the way businesses collect and use the data of European citizens.
If you're planning a business event in 2018, you need to be aware of and comply with the new regulations.
Before you start thinking it's not relevant to your business, think again. The GDPR will almost certainly affect your corporate events, and those of every organisation around the world with European employees or attendees. Why?
To demonstrate event success and prove ROI, the collection of data is vital. The GDPR affects the data collection and processing of all European citizens, no matter where they are in the world.
In other words, if you're planning a business event in 2018 with even just one EU citizen attending, you need to be aware of and comply with the new regulations. In this article, we're going to provide you with a helpful guide to the changes that will be taking place, how they apply to corporate events and how event planners should prepare for the GDPR.
If you're planning an event in 2018 with European attendees, you need to prepare for the GDPR.
What is the General Data Protection Regulation?
The GDPR has been set up to protect the rights of EU citizens both within European countries and outside them, in particular their rights regarding the processing of personal data and how it is used. It's an update to a directive from 1995, when our world wasn't as driven by data and technology.
Some of the key changes to this older document that the event industry needs to be aware of include:
- Consent: Collecting consent needs to be done in a clear and concise manner. This means no undecipherable terms and conditions that an ordinary person can't understand.
- Penalties: Significant fines will be issued for businesses and organisations that fail to comply with these measures.
- Geographical scope: The scope of where and in what situations the regulations apply has been made much clearer - and broadened. So the GDPR will also apply to the processing of data of EU citizens by organisations outside the EU (just as the penalties for failing to comply will also apply).
- Provision of information: Citizens whose data is being collected now have the right to get information from organisations about what the information is being used for. Businesses need to ensure people understand exactly what data is being collected, for what purpose, and how it will be processed.
- Right to erasure: EU citizens have the right to request that their data be permanently erased, and stop businesses from disseminating or processing it.
- Privacy by design: Organisations need to have data security built in right from the very beginning. For instance, it should be built into all the systems that house attendee data.
- Breach notification: Users and data protection authorities need to be notified within 72 hours if a breach occurs.
Event planners will need to communicate clearly and transparently how a person's personal information will be used under the GDPR.
The changes will apply from May 25, 2018. However, the law is already in place, and if you've opened registration for your event, you'll still need to comply.
Why should event planners care about the GDPR?
The GDPR has very clear significance for corporate event planners and the meetings and events industry as a whole.
First of all, if a European citizen attends an event you're holding and you'll be collecting their data in any way, you'll need to make sure the way you're doing so complies with the new laws. Under Article 3 of General Provisions, it's stated clearly that the regulations apply to data collected on a European citizen, regardless of whether this data collection and processing takes place within the European Union or not. If your company headquarters is located in Toronto and you're holding an event in Queenstown, New Zealand, the regulations still apply to you.
Secondly, there are severe financial penalties for failing to comply. If you're found in breach of the GDPR, you'll be liable to pay either €20 million or 4 per cent of your company's annual global turnover - whichever is the higher amount.
Failing to comply with the GDPR won't just get you a slap on the wrist; you could be fined 20 million euros or 4 per cent of your company's annual global turnover.
These penalties might seem severe, but the regulations are justified responses to a changing world. It makes sense that people shouldn't have personal information available if they would prefer to maintain their privacy. Complying with the GDPR isn't just about making sure you're on the right side of the law; it's also about showing you're committed to protecting the privacy rights of your European delegates.
How to prepare for the changes
Here are some tips on how you can start preparing for the changes that will be taking place:
1) Educate your team
Now you've read this article, you're much better prepared to deal with the changes that are coming into effect. But it's vital that you also read up on the legislation and get informed about all the actions you'll need to take to comply with the GDPR. We recommend sitting down with your team, talking through what's changing and discussing how you can best approach it.
Sit down with your team and discuss what changes you'll need to make to comply with the GDPR.
2) Audit your processes
Firstly, consider all the ways you collect data from your events at all stages - before, during and after. You'll likely have registration forms, surveys, lead capture tools, social media and event apps. These are all great ways of generating valuable analytics that can help you create a successful event, but you don't want this to be at the risk of a hefty fine. Detail all the changes that you'll need to make so that you'll be complying with the GDPR.
3) Take action
One thing you can do to get on the front foot from the get-go is to ensure you know the citizenship of all your attendees. Even if you only have one European citizen attending, you need to be aware so you don't infringe on their rights under the GDPR. You could, for example, ask those registering to include their citizenship in one of the registration form fields.
Think about how you are going to collect consent, and communicate it in a clear, transparent way. Update all the consent boxes on your forms - including registration forms. You can no longer automatically opt people in to your mailing lists - you need their explicit permission to do so. So if you want to contact previous event attendees about an upcoming event, make sure you ask them to opt in so you're meeting the criteria for consent under the GDPR. Change the language you use if it's too full of jargon and ensure everything is communicated in a clear, easy-to-understand way.
Put in place a system for keeping the data secure - right away. Don't let anyone and everyone have access to the data you're collecting, including things like delegate lists. Don't email data to people outside your team, or share it with anyone who shouldn't have access to it.
Who has access to your delegate mailing lists and their personal information?
Make sure your event management company is complying
If you're planning a large-scale corporate event, chances are you're not doing it all yourself, but enlisting the help of an event management company. If this is the case, it's vital to use one that is fully up-to-date and compliant.
At cievents, we've put together a GDPR Taskforce, whose members are working together to:
- Be the voice of their department and understand how GDPR may affect their discipline.
- Communicate to their teams about the GDPR and expected changes.
- Assist with the rollout of process changes in their department.
We're already on the front foot and are well equipped to help you navigate the changes that will be taking place. So when you enlist the expertise of our team to assist you with your next corporate event, you'll be safe in the knowledge that we know exactly what you need to do in order to meet compliance standards.
We hope you have a better understanding of how the GDPR will affect your business event, and how it affects the events industry as a whole. To find out more about the regulations, and how cievents can help you navigate them, talk to our knowledgeable global team today.