This is the second blog in our GDPR series. To start at the beginning, read our GDPR and the Event Professional.
We all know business revolves around data. It’s a fact of life that gets more and more prominent with every passing year. We also know getting access to that data means big money and lots of attention.
In Blog 2 of our latest series on GDPR we look at the important role that Consent now takes in your relationship with your event attendee, client and suppliers.
GDPR stands for General Data Protection Regulation, and it is a series of regulations designed to protect the data privacy of European Union citizens.
There’s been a lot written and discussed on the topic of GDPR, especially understanding how it impacts the meetings industry.
Even if you register just one person from a European Union country, as a meeting planner you are obligated to protect that citizen’s personal information. There are specific and detailed rights that European Union citizens have in how they understand how their data is being used, how long it will be used, and ultimately, having full control over their personal data.
What’s equally important is the obligations that meeting planners face in protecting that data.
And that’s why it’s all about consent!
Consent is the process of every attendee to our meetings agrees to giving you their personal data. Whether on a written form, by telephone, email, or most commonly in an online registration form, meeting planners must obtain and record a proactive consent from that attendee for you to access and use their personal data.
In other words, you have to ask for their consent, and your attendees have to agree to giving you consent.
So, how hard can that be? It’s both easy and hard.
It’s easy to display a check box and ask your attendees to check it.
What’s a little bit harder is understanding the issues and requirements about consent.
Here are a few important requirements that you, as a meeting planner are obligated to do:
Managing Consent is a two-way street, however!
Under GDPR, you are also obligated to allow your attendees to withdraw consent at any time. But, you must think about what that really means to your organization!
If an attendee calls you up six weeks before an event and states that they wish to withdraw their consent, you must say OK and accommodate that request in a reasonable time frame.
But, you are operating a business, and that means that you may have to cancel their registration, offer a refund (per your stated cancellation policies) and more.
You are also obligated to fully remove their personal data from your databases. But, you can retain details of financial transactions, such as taxes, payments, refunds and more. You just need to work out processes to accommodate both sides of the request – your attendees right to privacy and your right to operate a business!
And it can be a little tricky to balance their two potentially conflicting issues!
One event management product, EventsAIR, knows that managing consent under GDPR was a crucial and detailed requirement. Their new Data Protection Toolkit had built in processes and controls for obtaining Consent and documenting internal policies surrounding data privacy.
I spoke to Trevor Gardiner, our CEO about how GDPR and consent impacts event planners.
“It’s a hugely important undertaking. Meeting planners must not only define and display their internal data privacy practices to their attendees, they need to proactively obtain consent and record the details of that consent being given.”
Mr. Gardiner noted that their technology doesn’t do the work of compliance for the meeting planner, but instead, gives them a practical and comprehensive technology to support the planner in complying with GDPR.
“Every meetings company will have different policies and practices,” Mr. Gardiner said. “Our goal has always been to empower our clients with the tools and processes they need to get their work done effectively and efficiently. Whether its managing a hotel rooming list or making sure you are complying with GDPR, we’re focused on making sure they can get their work done in the most efficient way possible!”
For more ideas on managing your GDPR compliance, talk to one of our EventsAIR consultants live online or contact us.
For EventsAIR Community, the tools to assist GDPR compliance are within your reach.