Every conference generates an avalanche of data. From attendee contact details to employment information, to gender, disabilities and dietary preferences, collecting our personal data for later use is fair game - or at least it has been, until now.
Many will be aware of the dreaded GDPR, Europe’s General Data Protection Regulation, which is coming into force in May. Regulators promise stiff penalties for infringements, and even mighty tech giants like Facebook have embraced GDPR as it sets the new data protection standard globally.
To illustrate the seriousness of GDPR: in 2015, TalkTalk, a UK Internet Service Provider, was fined a record-breaking £400,000 for a significant breach of customer records. If the same incident happened today under GDPR, TalkTalk could be fined a devastating £59 million.
Though GDPR may be seen as a burden, it’s an exciting development for those of us who care about privacy and how our data may be used without our knowledge. Recent high profile controversies involving the shady use of data from social media platforms illustrate that the time is right for much stronger data protection regulation.
So what is GDPR? It’s all about Consent and Security
GDPR is aimed at standardising and strengthening the data protection rights of people in the European Union, regardless of whether that data is stored in the EU or overseas.
The basic premise of GDPR is that consumers should be in charge of their own personal data.
Here’s how businesses will need to comply with the new regulation:
- Inform the individual about what data processing will be done.
- Ensure that data processing matches what was described to the individual.
- Record clear opt-in consent when capturing personal data.
- Only use personal data for the purpose that the individual has consented to.
- Update privacy policies to inform individuals how their data will be processed.
- Ensure existing personal data also has recorded consent according to these principles, and that all personal data is stored securely.
What this means for events
Large European conferences like Mobile World Congress, MIPIM, Cannes Lions and dmexco will need to ensure they are fully GDPR compliant before the 25th of May.
Pre-ticked opt-out consent boxes in registration forms, sharing delegate lists freely with venues, speakers and other attendees, and emailing unsecured spreadsheets are practices which will soon be things of the past.
After the 25th of May, you will only be able to contact those who have provided their consent to be contacted for that specific purpose.
As an attendee, do I need to do anything differently?
No, but you can look forward to having much greater control over the information you agree to receive, selecting what you are most interested in (for example, Mobile World Congress 2019).
Over the next few weeks, you should look out for businesses requesting your consent to keep you informed, and provide that consent if you wish.
If you notice that an organisation is misusing your personal data, you should contact the organisation directly to request that your data be removed.
If that is unsuccessful, you can make a complaint to the supervisory authority in your EU country.
The International Association of Privacy Professionals has published guidance on reporting such issues in its GDPR complaint process.
As an organiser, what if I’m concerned that I’m not ready for GDPR?
There is still time, and we can put you in touch with the people who can help. We have the right connections to support you with becoming compliant before the 25th of May.
Simply contact our team for more information.
“MIPIM” is a registered trademark of Reed MIDEM. No copyright infringement intended.