How GDPR Affects Your Data Collection

GDPR, meetings
The GDPR goes into effect on May 25.

The General Data Protection Regulation (GDPR) going into effect May 25 will have an immediate impact on your data collection for EU attendees as it relates to financial information (credit card data), health (such as food allergies), passport and VISA data and even contact information—all deemed “personally identifiable information.”  We broke it down.

The GDPR focuses on six bases to define data collection and data processing: 1. the vital interest of the individual; 2. the public interest; 3. contractual necessity; 4. compliance with legal obligations; 5. unambiguous consent of the individual; 6. legitimate interest of the data controller. These six bases carry the same weight and are exclusive from one another.

The key for registration processes is explicit consent. Moving forward, planners must require EU citizens to actively opt in and offer explicit consent to store and use their data. They must explain what the data will be used for, who they will share it with, and for what length of time.

The law cuts even deeper than that when it comes to the “who.” Registration information can be shared with suppliers, for example, so the forms must include an opt-out for those people who do not want it to be shared with suppliers, as well as various other categories.

With hacking now a routine happening, GDPR takes a strong stand on data breaches, giving organizations just 72 hours after they discover  a breach to notify  authorities and users.

If EU attendees ask for access to their data, it needs to be supplied within 30 days, and if they ask that it be deleted, it needs to be deleted and proof given that it has been. So planners need to be able to export the data as requested.

GDPR also requires permission to send electronic commercial messages. Not only does it require consent, it also requires that organizations disclose how information will be used. The implications for the e-mail marketing industry are far-reaching.

There are many additional resources for meeting planners, among them:

The Event Planner’s Guide to GDPR compliance e-book

Events Industry Council white paper

ICO 12-Step Guide to Prepare for the GDPR

Previous articleRecreate Coachella at Your Summer Event
Next articleHard Rock Gets Down to Business With a Number of New Hotels
Barbara Scofidio is editor of Prevue and heads up the Visionary Summits, our exclusive conference series targeting senior-level meeting and incentive planners. In 25 years of covering the industry, her articles have spanned topics ranging from social media to strategic meetings management. She is currently the media liaison for FICP's Education Committee and was the first member of the media ever to be invited to sit on a committee by GBTA, where she spent three years on the Groups and Meetings Committee. She has also been an active member of Site, chairing its Crystal Awards committee and acting as a judge. A familiar face at industry events, Barbara often leads panel discussions or speaks on topics close to her heart, such as green meetings or how the industry can help combat human trafficking. She is also on the board of ECPAT USA, the human trafficking organization. Barbara is based outside Boston, in Groton, Mass.