How GDPR Affects Your Data Collection

Print Friendly, PDF & Email
GDPR, meetings
The GDPR goes into effect on May 25.

The General Data Protection Regulation (GDPR) going into effect May 25 will have an immediate impact on your data collection for EU attendees as it relates to financial information (credit card data), health (such as food allergies), passport and VISA data and even contact information—all deemed “personally identifiable information.”  We broke it down.

The GDPR focuses on six bases to define data collection and data processing: 1. the vital interest of the individual; 2. the public interest; 3. contractual necessity; 4. compliance with legal obligations; 5. unambiguous consent of the individual; 6. legitimate interest of the data controller. These six bases carry the same weight and are exclusive from one another.

The key for registration processes is explicit consent. Moving forward, planners must require EU citizens to actively opt in and offer explicit consent to store and use their data. They must explain what the data will be used for, who they will share it with, and for what length of time.

The law cuts even deeper than that when it comes to the “who.” Registration information can be shared with suppliers, for example, so the forms must include an opt-out for those people who do not want it to be shared with suppliers, as well as various other categories.

With hacking now a routine happening, GDPR takes a strong stand on data breaches, giving organizations just 72 hours after they discover  a breach to notify  authorities and users.

If EU attendees ask for access to their data, it needs to be supplied within 30 days, and if they ask that it be deleted, it needs to be deleted and proof given that it has been. So planners need to be able to export the data as requested.

GDPR also requires permission to send electronic commercial messages. Not only does it require consent, it also requires that organizations disclose how information will be used. The implications for the e-mail marketing industry are far-reaching.

There are many additional resources for meeting planners, among them:

The Event Planner’s Guide to GDPR compliance e-book

Events Industry Council white paper

ICO 12-Step Guide to Prepare for the GDPR

Print Friendly, PDF & Email
Previous articleRecreate Coachella at Your Summer Event
Next articleHard Rock Gets Down to Business With a Number of New Hotels
Barbara Scofidio is Editor of Prevue and heads up the Visionary Summits, our exclusive conference series targeting senior-level meeting and incentive planners. In her 30 years in the industry, she has become known for her passion around greening meetings, growing awareness of human trafficking and promoting CSR activities as part of business events. She is currently a member of SITE's Women IN Leadership committee and the media liaison for FICP's Education Committee. She was the first member of the media ever to be invited to sit on a committee by GBTA, where she spent three years on the Groups and Meetings Committee. She has also been an active member of SITE for 30 years, chairing its Crystal Awards committee and acting as a judge. Before joining Prevue in 2014, she served as Editor of Corporate Meetings & Incentives (MeetingsNet) for more than 20 years. She has a BA in Literature/Rhetoric from Binghamton University. Barbara is based outside Boston, in Groton, Mass.