The aim of the General Data Protection Regulation (GDPR) is to give individuals control over how their personal data is used.
One of the key aspects is ‘transparency’ over why data is collected, what will be done with it and the rights an individual has.
In this article, we will explain the impact on collecting personal data on your website, and an event registration platform.
There is a shift away from having all the details in a disconnected Privacy Policy or Privacy Notice to giving details at the time of collection. An example of where changes will be needed are places on a website or event registration page, used to collect First Name, Last Name and Email.
Article 13 of the regulation tells us the information to give. The following is a summary of what is required:
The details need to be given using ‘clear and plain language’, especially if the details are collected from a child. The Information Commissioners Office (ICO) code of practice (view here) on communicating privacy information to individuals provides details about how this could be done. Something to discuss with your website developer or event technology provider.
If you obtained the data indirectly, e.g. from a mailing list, you need to contact the individual with details about the source of the data and the categories of personal data you have ‘within a reasonable period after obtaining the personal data, but at the latest within one month’ (Article 14). If you are relying on consent as the legal basis for processing the data, you need to ensure that the source of the data provided evidence that they obtained the necessary consent before you contact the individuals. The issue of consent is for another blog after the ICO have issued the final version of their consent guidelines.
Is this level of transparency unreasonable? I would argue that it isn’t. If you cannot say why you are collecting data and what you will be doing with it when you collect it, you should not have it in the first place.
For more information on how GDPR affects marketers and event organisers, read our article here. Or take a look at our GDPR checklist.
This post was brought to you by Ian Grey, an Information and Cyber Security consultant. Ian will be part of our panel discussion, on Thursday 25th May.
Register today for our event: