Events: Preparing For GDPR
 
 
From now on, if you want to collect someone's data, you need their consent – you must tell them what you're collecting, why, and how you're going to contact/communicate with them. Even if you already have someone's initial consent, this isn't enough. You must get consent every time you use this data, including for any new events/organisations you come up with later.
 
 
 
These changes come into effect in May 2018, so are you wondering how important they will be to event planners? Are there pros as well as cons to this? We've got it covered!
 
 
 
1. Teams – Event planners must make sure everyone in their team is aware that the law is changing. People must be aware of the changes being made to how you collect, store, manage and share the personal information of the people who will attend your events.
 
 
 
 
 
 
 
2. Fines – Businesses can be fined if they fail to comply with the new rules. The fine can be damaging for some companies, as it will be up to 4% of their annual global revenue. It's important to know the consequences of non-compliance, and to identify areas that could cause problems.
 
 
 
 
 
 
 
3. Consent – Plan to put any necessary changes to the privacy notices and consent boxes in your apps, websites etc. in place in time for the deadline. This can include things like what programme/campaign/event you plan to run, and getting people to 'opt-in' again. From May you won't be allowed to contact people in your mailing list if you don't have the correct consent. By getting people to 'opt-in' again you can keep them in your mailing list.
The correct consent includes explaining to people:
 
 
 
 
-Why you are/need to collect/recollect their information 
-How their information is going to be used 
-Approximately how long you're going to keep their data for 
-That they can choose for you to forget their information 
-Which sponsors, venues, exhibitors, organisations you're sharing their details with.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
4. Breach of data – A company must have the right procedures in place to detect and report loss or theft of someone's data. Organisations are required to report to the ICO (Information Commissioner's Office) if there is a data breach. If there's a high risk from the data breach, e.g. identity theft or financial loss, then the individuals affected must also be notified. If a breach isn't reported within 72 hours then a hefty fine will be coming.
 
 
 
 
 
 
 
5. Keep it safe – Sure, you can check for the typical threats by using anti-virus software etc., but there are still other threats that can come from within. You should think about system passwords and how often these are changed. How you share your event data is also important: don't carelessly email over information that could be shared in person or in a phone call.
 
 
 
 
 
 
 
6. If you find yourself running a promotional event, and you're wondering how you can gain customer/attendee data, here's what to do: ask your client to confirm that you can email the customer, then email the customer with an invite to register. If they choose to register, show them the consent details and ask them to agree. You can then run your event and delete all details 3 months later.
 
 
 
 
 
 
 
7. And here is what not to do... If your client does not receive agreement that you can email the customer, then don't email them asking them to register without requesting consent. Keeping their data on your database for future events just because it's easier could be asking for trouble!