Baffled by GDPR? Scared by talk of £17 million fines? Not sure where to start when it comes to collecting compliant data at your events?
When you work with an event tech provider, one of the things they will do is gather data about your delegates. Because they work with data all the time, your event tech provider should be able to help ensure that all data you collect during the course of your event is fully compliant and in line with regulations. That way, you can rest assured that your compliance isn’t in jeopardy when you collect data at your event.
The new General Data Protection Regulations come into force on May 25th 2018. They will apply to anyone who gathers or stores data about EU citizens (which still includes us post-Brexit Brits). This could be any data that would allow you to identify the data subject - including name, email address or computer IP address.
1. Are you GDPR compliant?
Pretty obvious really, but if they’re not able to give a clear answer and to talk you through their GDPR response, there could be an issue. GDPR covers all forms of data, so even your registration lists will need to be compliant in order to avoid any issues. If your event tech provider isn’t willing to talk you through the steps they have in place in order to be compliant, you could be at risk.
2. How will you respond to GDPR enquiries?
As part of the new regulations, members of the public are able to check the data you keep about them. Once a request is made, you have 72 hours to respond with a clear list of all data you hold about that person. They can then ask you to remove that data. If this happens, you have a further 72 hours to ensure that it is wiped from your system. Failure to comply could result in fines. At Noodle Live, we have created an automated system that will respond to requests and automatically wipe data when requested. This ensures that we always respond on time and that we are following the guidelines.
Once your event tech company hands over the data to you to store on your system, you will also need to work out a way to ensure you are able to respond to these enquiries quickly and efficiently.
3. Are all of your staff informed about GDPR?
When you’re working with data on a daily basis, it is essential that all staff are informed about and aware of the new regulations. From the interns to the head of operations, everyone should be aware of the risks and responsibilities in order to ensure that no one slips up.
At Noodle Live we are holding company-wide trainings for every member of staff. All new hires will also receive training and there will be an annual update training to ensure that the entire team remain fully informed about developments and changes.
4. Is there someone I can talk to about GDPR?
Find out who is responsible for ensuring the company is GDPR compliant. If there is someone who is fully informed and ultimately responsible for ensuring that data is fully compliant, you know the company will take the regulations seriously. If you have any concerns, ask your GDPR lead to speak to the GDPR officer before signing the contract.
5. How can you demonstrate compliance?
Under the rules of GDPR, it’s up to you to prove that someone is happy for you to store their data. You will have to be able to demonstrate that they’ve given you permission. Your event tech provider should be able to show clear evidence that your delegates are aware that you’re storing their data and what you might use it for. Ask to read the written terms supplied to everyone who signs up for your event to ensure that you’re being fully transparent and clear when asking people to supply you with data about themselves.
Remember – once your event tech company hand over the data to you, you are also responsible for ensuring that you store it and manage it in a way that is compliant.
Still confused by GDPR? Take a look at what Glisser’s Mike Piddock and Noodle Live’s Glyn Roberts had to say during a panel debate about GDPR compliance for #EventProfs at this year’s BNC Event Show.