Event organisers need to get ahead of the curve when it comes to GDPR says Mike Lenard, Managing Director and owner of Tailored Data Solutions, the database management company.
Tailored Data Solutions provides data management, support, cleansing and enhancing services by using industry leading software and employing data hygiene practices. The company, which operates UK-wide, bases its work around core values including quality, collaboration, community and conservation.
Owner and Managing Director, Mike Lenard is an expert on General Data Protection Regulation and has expertise in data hygiene and management, as well as around 15 years of experience working with data, databases and programming. Mike has held leading roles within data departments where his many duties have included writing bespoke software, providing training and implementing ISO (International Organisation for Standardisation) standards.
On 25th May, the Data Protection Act 1998 will be replaced by the General Data Protection Regulation, also known as GDPR. The new regulation will ensure consumer data is identified, protected and only used for relevant purposes.
Organisations will need to demonstrate compliance; this includes data mapping, keeping a data register and carrying out regular data audits to ensure procedures and policies are relevant and continue to meet the conditions of the directive. Any non-compliance could result in fines of up to €20 million or 4% of global turnover, whichever is greater. Moreover, data breaches could result in negative PR. It is therefore essential that organisations get to grips with GDPR responsibilities while there is still time.
One hugely important area for any company or organisation in the events sector is to ensure that it gains consent for any data sharing within the group of attendees or delegates. The consent obtained needs to be given freely, with a relevant explanation given as to what will happen to that data, i.e. “by giving consent you agree to let us share your name and address with the attendees at the same event.” The explanation cannot be hidden away in the terms and conditions, and you must only use the data for the stated purpose. It is then the organisation’s responsibility to ensure the data is protected, and then deleted.
As an event organiser or planner you will need to think about what technology you are using. This could be radio-frequency identification tags, facial or fingerprint recognition cameras, or even drones. How might an attendee’s rights be comprised under GDPR? Have they given consent? How is the captured data going to be processed, profiled, stored or distributed?
Tailored Data Solutions has been supporting an events organisation in London that works in over 150 countries. Its key issue was consent, but by updating their centralised data management platform, we ensured a quick fix to getting consent from attendees in all countries. Moreover, automated data management has ensured data is deleted when it is no longer relevant.
GDPR is designed to get you thinking, but it will lead to better behaviour from organisations, and improved data security for us. For far too long data has not been captured, stored or used with transparency in mind. GDPR will change the events industry, so seek some advice and protect your organisation.
For more information on GDPR, visit Ico.org.uk, or Tailored-data.co.uk.