What is GDPR?
The new EU General Data Protection Regulation (GDPR) will be directly applicable from May 25, 2018. It’s seen as the most important change in data privacy regulations in 20 years and aims to give EU citizens more control over how their personal data is stored and used. GDPR applies to all businesses processing personal information on European users, employees, customers, attendees or others.
How does GDPR affect Meetings & Events?
Meetings & Events planners and organizers are dealing with highly sensitive personal information about attendees, such as attendee names, addresses, contact details, employment information, gender, date of birth, disabilities, dietary requirements and travel information (e.g. passport numbers, itineraries, accommodation information and more).
Any organization that collects and processes data on European citizens falls under the new regulation. If you are hosting events in Europe or your attendees are European citizens (regardless of where your events are taking place), then the new regulation applies to you. GDPR also applies to all technology providers processing attendee information on European citizens, even if the technology provider is based outside the EU.
With the regulation only 8 months away, it is important that you start the process of becoming GDPR compliant as soon as possible.
Active consent to store and use personal data is required from attendees during the registration process, and you also need to clearly explain how you will use the personal information. You also need to store the date and time of the consent from each attendee. Even though this should be a part of the registration process already, be aware that you might be in breach of GDPR if you use information without such consent after May 25, 2018, so you should prepare accordingly.
Under GDPR it is compulsory to notify both users and data protection authorities within 72 hours of discovering a security breach. At Qondor, we have mechanisms in place to discover and notify about security breaches from a technical perspective. You need to ensure that you have control over personal information stored in your organization.
At any time an attendee can request digital copies of the personal data that your organization is processing, along with information on where the data is stored and what it is used for. It is also important for organizations to structure customer data to be compliant with GDPR.
Right to be forgotten
Citizens in countries under GDPR (EU/EEA) may at any time require you to delete their personal data, and you need to stop sharing the data with suppliers, hotels, venues etc., who in turn need to stop processing their personal data.
Attendees will have the right to move their personal data from one controller to another. Although there is little use in transferring one person's event registration information from one system to another, you should always provide personal data on your attendees in a commonly used digital format.
Privacy by design
GDPR requires that tech providers (like us) have data security built into products and processes. Data security has been one of the top priorities at Qondor, keeping your attendees’ data secure at all times.
Data Protection Officers (DPO)
Some organizations that frequently monitor large amounts of data or deal with data relating to criminal convictions will also be obliged to have a Data Protection Officer (DPO). The DPO is responsible for GDPR compliance at the organization.
Qondor GDPR compliance
Keeping personal data secure and safe has always been a top priority for us here at Qondor, and we take GDPR compliance very seriously. As a meeting or event planner, it is important to understand your attendees’ rights under GDPR, and what you should and should not do in terms of collecting and processing personal information.
At Qondor, we will do our best to help you make the correct choices so that you can continue delivering great experiences while taking personal data seriously.