Though many larger companies have had GDPR initiatives in place since last year, the reality is that some smaller ones are still working on growing awareness internally and taking the proper precautions.
In May of 2018, the General Data Protection Regulation (GDPR) replaced the 1995 EU Data Protection Directive, creating a completely new framework around the collection, processing and protection of personal data of the citizens of the European Union. Penalties for non-compliance are high—as much as 4 percent of your organization’s annual global revenue.
Here are 5 steps meeting planners who are just getting into the game can take:
Leverage what’s already been done
See what has already been done on an enterprise basis and leverage that to customize data policies and procedures for your meetings and events.
Understand the role of controllers vs. processors
A controller is the entity that determines the purposes, conditions and means of the processing of personal data (your company). The processor is an entity which processes personal data on behalf of the controller (your third-party suppliers). GDPR compliance from all supplier partners rolls up to the travel and meeting buyers who serve as the controllers.
Understand the privacy rights of your attendees
Attendees now have the right to know exactly how their personal data is being used, to ask for errors to be rectified and to request the deletion of their data and documentation of the deletion (known as “The Right to Be Forgotten”).
Update your privacy information & consent boxes on forms
Gone are the days when you can freely distribute attendee contact information without their consent.
Evaluate your e-mail protocol
Do not send confidential information without appropriate measures (encryption, password protection, etc.).