With the deadline for compliance with the European General Data Protection Regulation (GDPR) coming ever closer, you may be wondering how it is going to affect your corporate events. Designed to streamline the current legislation, the GDPR is intended as a means to address and provide for the personal data concerns of private individuals. For corporate events with a global reach, this means that you will be affected by the GDPR if any of your attendees or speakers are EU residents. Even if your event is held outside of Europe, you will still need to make changes to a number of basic elements when it comes to your event planning.
Are you affected?
For some reason, many people are of the belief that the GDPR will only matter in the event of a data breach, but it’s actually a little deeper and all-encompassing than that. One of the key criteria of GDPR is that businesses will face audits, and if they are found to be non-compliant then there is the risk of some very significant fines. Those fines alone should be enough to make you sit up and take notice of GDPR, with penalties of up to €20 million or a 4% fine on your annual global revenue. These amounts could be fatal to any business. In event planning, data collection is a given, whether it’s in the form of registration systems, social media listings or even survey results. When your business involves keeping track of visitor numbers, the names of attendees and their contact details, right up to disability requirements and dietary needs, it’s often a surprise to realize just how much data you have to hand.
Your security obligations
GDPR raises a number of new elements to consider when it comes to data storage and the information that you obtain. With the increasing number of costly cybercrimes that can affect any business at any time, you will have a strict time-limit to report any data breaches to the relevant authorities. Failure to do so means non-compliance and those heafty fines. Therefore, because of these reasons, many businesses including corporate event planners are opting to use resources like Torix, with their dedicated IT support and cybersecurity Reading expertise.
The importance of consent
Current laws mean that you can rely on implied consent, making it much easier to collect data and use it as your business requires. The GDPR will change that, and users will now have to give consent to having their data stored and details on just how that data will be used, with as much specificity as possible. Before you’ve collected one scrap of information in the build-up to your event, you will need to ensure that you provide the relevant information and give users the option to opt out of any data storage at any point. This will apply to the data that you already have on EU residents, including those from the UK. Your current data stores will need to be reclassified and destroyed unless you re-contact the individuals concerned and obtain consent.
GDPR is the biggest shake-up to the IT world since the start of the new millennium and will mean a greater sense of security for those that are concerned about who stores their personal data and how they use it. In light of the recent controversies, GDPR may be coming into effect at just the right time.