May 2018 saw the introduction of the General Data Protection Regulation (GDPR). This is legislation that affects every business or organisation that handles or collects the data of citizens of the European Union. Of course this means that if you work in the events industry and you handle the data of individuals, you will need to comply with the new regulations or face heavy penalties.
So whether you are running a large-scale conference or handle the logistics of tiny niche tours, any kind of events organiser will need to pay close attention to their new responsibilities under the GDPR. Here, with information learned from UK experience provider Into the Blue, we take a look at some of the ways that the GDPR will change the events industry – and what professionals and businesses in the industry will need to do.
What is the GDPR?
Given that the GDPR is such a huge piece of legislation which affects virtually every business, it’s surprising how many people haven’t heard about it and don’t understand the ramifications of failing to comply. In fact, as recently as January 2018 it was revealed that almost a quarter of London businesses knew nothing about GDPR and only around 16 per cent considered themselves to be prepared for it.
The regulations are designed to update the law surrounding the handling of data to put more onus on businesses and organisations to correctly gather, store and protect the private data of individuals. So if you are going to be organising events this year where you need to gather and store any personal details from individuals then you need to ensure you are completely compliant with these regulations.
What do event organisers need to know?
Due to the nature of organising events it is often necessary to gather information from attendees, and therefore event organisers will need to ensure that they are aware of and following the rules set down by the GDPR. In the past, the rules surrounding data gathering have been fairly lax – those attending could be considered to have provided ‘passive consent’ to an organiser to gather and store their data simply by failing to opt out.
The new rules surrounding data mean that the issue of consent is looked at far more closely and organisers must gain ‘active’ consent from attendees in order to take their data. This means first that the organiser must be completely transparent with how the data will be used and secondly that attendees specifically opt in to having their data stored.
Data storage and security
It is important to note, however, that the GDPR does not only look at the issue of consent when it comes to the handling of data. The rules also cover the problems of storing personal data and keeping the information secure. This means that if you work in the events industry you may need to take a much closer look at data security than ever before.
For example, if it is still the case that you use spreadsheets to record all of your data, this may no longer provide adequate protection, nor give you the features you require to fulfil the other conditions of the GDPR. An example of this is that individuals who consent to you holding their data also have the right to access that data at any time. They can also exercise at any time their right to be forgotten, which means you will have to delete their personal data immediately.
Interestingly, when it comes to data security, you need to have a system where you can stay completely on top of data breaches. The GDPR has strict rules surrounding cases where you have lost data to hackers and cyber criminals. In the event of a data breach you will need to notify anyone who has had their data stolen within 72 hours.
What should you do?
Firstly, it is vital that you should do a complete audit of the data that you currently collect for people attending your events. Ask yourself – what data do we take, how is that data used, and is it really appropriate or necessary for that data to be gathered and stored? Next you should look into upgrading your whole system so that it falls into line with the GDPR rules.
It’s a good idea to speak with an expert in the GDPR to understand exactly what you need to do to ensure that you comply with the regulations.