The General Data Protection Regulation, or GDPR, is the new EU legislation becoming enforceable as of 25th May 2018. It is essentially an update to previous data protection laws. But what does it mean for event planning?
What is GDPR?
GDPR is intended to replace and reinforce data protection regulations put in place back in 1995. The main aim is to make users’ data more secure and to give users more control over their personal data.
Personal data consists of anything relating to a person that could identify them. This can mean anything from a name, photo, email address, IP address, bank details, medical information, or social media posts. So even if the only data you collect is your attendee register, you need to make sure you keep up with the new rules.
There are several key aims of GDPR. One is the extended jurisdiction it brings. This means anyone that handles data of EU citizens, even if the data handling occurs outside the EU, MUST comply with GDPR. There are also new fines being brought in to penalise those who do not comply. Most significantly, GDPR demands strengthened conditions of consent, which means that all requests for consent from a user must be accessible and written in clear, concise, plain language.
The Key Changes
There are several key changes to the rights of the data subject (user) coming with the new regulation. Broadly, they include:
Mandatory Breach Notification
Where a breach that may “result in a risk for the rights and freedoms of individuals” occurs, you need to inform your data controllers and users within 72 hours. This basically means if anything happens that might leak a user’s data, you need to inform your data controllers and your users. Whether you’re targeted by hackers, or leave a laptop on the bus, you need to inform others of a breach.
Right to Access
Users can now get information from data controllers about what personal data is being collected from them, where, and why. And the controller needs to give them an electronic copy of this information for free.
Right to be Forgotten
Users can have the controller erase their data, halt further circulation of the data, and potentially halt third parties processing the data. So if asked, you need to erase their personal data. Additionally, you need to stop sharing their data with third parties.
Data Portability
Users now have the right to receive data concerning them which they have provided, in a commonly used format, and can pass this on to other controllers. If you are asked, provide an electronic copy of a user’s personal data that you have collected, letting them pass it on to other controllers as they wish.
Privacy by Design
It is now a legal requirement to have data protection and privacy incorporated into the design of your software.
Data Protection Officers
In some instances, you will need to appoint a DPO, or Data Protection Officer. This is only mandatory if you are a public authority, undertake any systematic monitoring of data subjects (users) on a large scale, OR you collect sensitive personal data, like criminal convictions.
What Should You Do?
These changes mean that there are a few key things you should be doing to prepare for GDPR. Your data processors, IT team, and marketing team might be responsible for the big changes. But there are some things you should make sure you are doing.
- Move all of your data into a secure database. Make sure all documents and data you use are encrypted and kept securely. Keep track of all employees who have access to data. And if you need to print any personal data, even your event register, be careful about how it is circulated and who can access it.
- Contact your data providers and suppliers. Be sure to ask other companies how they will use data you have collected, or how they collect data they give to you. Make sure any tech providers or marketers you use are GDPR compliant.
- Contact Third Parties. If there is anyone that you have shared data with, you need to get in touch with them to remove any personal data a user requests to be erased. Whether they are stakeholders or sponsors, if you share data with them, contact them. (You should also make sure they too are GDPR compliant.)
- Be Clear. If you are worried, it would be a good idea to contact all of your subscribers, delegates, and anyone you communicate with to ask them to re-opt in to having their data collected. And as per the regulations, make sure you ask for their consent in clear, concise language that is not hidden away.
This means you need to tell them exactly what data you are collecting, who you might share it with, and let the user choose if they wish to share it or not. And if you do share any data with a third party, name them to the user!
We would also suggest that any data collection you undertake be done as minimally as possible, and that any data you do have is used only for the purposes you stated when you collected it.
GDPR does represent some big changes with regard to data protection. Be certain that your team are prepared for GDPR, and research it thoroughly. A good resource to read and follow is the official EU GDPR site. It contains summaries of the regulations, the process, who it will affect, and links to other important resources.
We think GDPR is a step in the right direction and a positive change in the digital world. It will help to make users safer, and more in control of what information is being shared, and where.
If you want to read more about what GDPR means, and how it will affect SMS marketing, you can read our blog post all about GDPR.
Hopefully, you are already well on the way to being GDPR compliant and, like us, looking forward to a more secure digital future!
In the meantime, why not send a few messages to your suppliers, sponsors, and other contacts to ask if they are ready for GDPR? You can use SMS Campaign to get in touch with them all quickly and easily. Not to mention, you can share our blog posts with them to get them in the know. Contact us today to find out what we can offer you!