GDPR: What is it and how will it affect the industry? EIN special feature

On the 25^th May this year the UK will adopt new EU laws governing the way that organisations manage personal data.

The General Data Protection Regulations (GDPR) will replace the existing Data Protection Act and aim to clamp down on the misuse of personal data and improve the way information is both captured and stored.

In addition to our dedicated podcasts on the topic, Event Industry News has put together a special feature to give our readers insight and guidance on the new laws. The feature also introduces our readers to some of the industry experts that are best positioned to offer support and consultation on the subject.

GDPR regulations require compliance by both data controllers and data processors.  In the case of meetings and events, the company hosting the event (data controller) must show how they’re complying with the new regulations.  And part of that responsibility is making sure that the tech vendors that process data on their behalf (ex. Registration systems, event management software, mobile apps, surveys, networking tools etc.) are also fulfilling their legal responsibilities.

1. Where is My Data Hosted?

Hosting and sharing data within the EU is legally not a problem – as long as your event tech providers meet the new requirements. If your data is hosted in servers outside the EU, then you need to ask them what steps they’re taking to ensure your data transfers are compliant.

2. Who Has Access to My Data?

Find out exactly how your supplier is using your event data. Find out who has access to it and where they’re located. Find out if they subcontract any part of your data processing to third parties (ex. Customer support) or if your data is accessible through other countries or legal entities within their own organisation – as you’ll need the correct data processing agreements in place to ensure you meet the new standards.

3. How Does Your System Allow Us to Obtain and Store Consent?

GDPR requires you to record and access the consent you get from individuals when collecting their personal information.   Your registration system, for example, should be able to store the date and time and IP address an attendee used when ticking a consent box – which means you can always prove how, what and when that consent was given.

4. How Does Your System Help Me Delete Personal Data?

Find out how your event tech system will help you delete personal data – and whether it is deleted in back up servers too and how quickly this is done.  Make sure they confirm in writing whenever they do this as this will give further protection.

5.How Does Your Organisation Comply With GDPR?

Ask your tech suppliers how they themselves comply with GDPR. What is their understanding of the new regulations? How important is data security for them as an organisation – do they follow best practices?

Having the answers to these questions will protect you from any unpleasant surprises in the future.

For more info, please visit: www.eventsforce.com

Resources:

Download eBook: The Event Planner’s Guide to GDPR Compliance

Watch video: Is Your Event Tech Ready for GDPR?

Learn more about GDPR: EventTech Talk Blog

GDPR is set to have a profound impact on meetings and events. It will affect events of all shapes and sizes since the processing of personal data is central to the entire lifecycle.

The spirit of GDPR is to put the security and privacy of personal data at the forefront, for organisations to operate on the principle of “privacy by design” and develop trust and transparency in their relationships with their customers. For Cvent, this is part of our DNA and how we’ve always operated, so we welcome these new regulations and are ready to help our customers comply.

As the leading event technology company in the industry globally, we have nearly 1,000 technology staff building our products and solutions, with over 25 information security specialists dedicated to safeguarding our customers’ information and company resources. We operate 24×7 security monitoring and response, capable of identifying and responding to a breach around the clock.

Cvent has been working hard to ensure that our customers can be compliant come May 25^th when using our platform to manage their events. Some of the key updates we’ve made to our systems and processes include:

• Website cookie banner overlay and customisable privacy policy links
• New consent field type with built-in timestamps and audit trail
• Secure hotel room block management solution integrated with hotel reservation systems
• Onsite check-in app including additional consent questions and on-demand badge printing
• Consent functionality in mobile app and lead capture solutions
• Process to support timely access and erase requests, maintaining event reporting and statistics

We have produced a range of educational assets to help our customers understand what needs to be done to ensure compliance across their events, including webinars and interactive infographics.

Check our website to view these at www.cvent.com/gdpr

TicketSource aim to provide the best online ticketing technology for event organisers regardless of size or budget. As part of that aim, they have launched five major new tools and features, to assist event organisers in their compliance with the upcoming GDPR data protection law.

1              Granular marketing consent
2              Named third-party consent
3              Customer data retention period
4              Customer data privacy policy
5              Customer data export

If you would like to try out these new features, under no obligation, you can sign up for a free account via the button below.

Try TicketSource event ticketing system for free now

1. Granular Marketing Consent

All marketing consent options are now presented to the individual specifically on an opt-in basis. If an option is not selected then marketing consent will not be sought and you will not be able to market to that individual via that method of communication. TicketSource will keep an audit log on granular consent for all your customers as required under GDPR.

2. Named Third Party Consent 

Within each individual event, there is now a third party marketing option, allowing you to name the third party and offer specific, positive opt-in marketing options. TicketSource will keep an audit log on granular consent for third-parties for all your customers as required under GDPR.

3. Customer Data Retention Period

TicketSource have now made it possible for event organisers to set their own data retention periods, having the individual’s data automatically purged from the servers when it falls outside of the specified retention period.

4. Customer Data Privacy Policy

Event organisers are now able to upload their own Data Privacy Policy into the TicketSource system. This policy will be presented to the customer when collecting their contact details during the booking process.

5. Customer Data Export

Enhancements to the existing customer data exports have improved functionality to report on your customers based on the new granular marketing consent options. Additionally, named third-party filters have been added allowing event organisers to export customer data based on their own privacy options or event booking details.

The advice outlined in this article is only meant to assist you in your GDPR compliance and not intended as legal advice. We strongly recommend you take your own legal advice in deciding how to comply with GDPR.

Companies are investing a lot of time and effort to get their marketing activities in line with GDPR requirements. But have you considered how it will affect your activities at events – particularly lead capture?

What GDPR means for events

The GDPR will bring big changes to the way companies collect people’s personal details at events, and how you process them after. For event lead capture, these are the most important parts of GDPR to be aware of:

• Purpose: it won’t be enough to say you need someone’s personal data ‘for marketing purposes’ – you’ll need to be specific.
• Consent: do you have this person’s explicit permission for you to contact them again? Some of Akkroo’s customers are using double opt-in to secure consent; while this isn’t required under GDPR, it is a great way to make sure you’ve got consent from your prospects.

For more information about the impact GDPR will have on the events industry, visit our new resource site, GDPRforEvents.com.

How to collect leads and maintain GDPR compliance

In a recent podcast, Akkroo discussed the established methods of lead capture at events, and whether they comply with GDPR.

The outlook isn’t great.

Event teams won’t simply be able to carry on as normal and assume that’s enough for GDPR.

That’s where Akkroo can help. The Akkroo Event Lead Capture solution has been designed with GDPR compliance in mind. Lead capture forms can be specifically designed to gather consent, and you can customise forms so people can choose what further communication they can expect from your business.

Big changes

GDPR will mean big changes to the way you collect lead data. But hopefully, it means companies get better value when exhibiting at events – focusing on getting good-fit leads rather than playing the numbers game.

Talk to Akkroo about improving your event lead capture process: book a demo.

Author: Adam Parry

Adam is the co-founder and editor of www.eventindustrynews.com Adam, a technology evangelist also organises Event Tech Live, Europe’s only show dedicated to event technology and the Event Technology Awards. Both events take place in November, London.