2017 has been a year of multiple policy changes around the world that have had a major impact on the events industry overall. Be it Brexit or Apple’s app store cleanup, event planners have a lot to consider while planning future events.
One of these major policy changes is General Data Protection Regulations (GDPR) passed by the European Union. This rule is bound to change the face of data collection and analysis overall.
So, what exactly is GDPR?
Let’s take a walk back in time and talk about the European Union Directive of 1995. This directive was adopted in order to protect the right to privacy of EU citizens. This law has been altered quite recently, giving way to the new Data Regulations aka GDPR.
With cybercrimes on the rise, these regulations were long predicted. The law tilts the compass towards the subjects, away from the data collectors.
GDPR is basically a set of rules and regulations meant for stronger and unified data regulations passed by European Parliament, the Council of the European Union and the European Commission.
To put it in simpler words, these regulations passed by the EU authorities are meant to strongly monitor the way data is collected from the citizens and utilized for multiple purposes.
To whom do these regulations apply?
Early on, the scope of data regulations in EU was limited to its premises. But, things will change after the GDPR law is passed i.e. post-May 25, 2018. EU has broadened the scope of the law across its borders as the regulations apply to all the companies residing within EU as well as those organizations directly in contact with EU citizens or dealing with EU in any way.
Say, for e.g. if you are an event planner residing in India, organizing an event in Paris. Your attendees include EU citizens as well. It is imperative that you follow the GDPR regulations for your event data.
GDPR and the Event Industry:
Once you’re familiar with the basics of the regulations, the next question that pops up in your head must be:
“So how would I be affected by this regulation and above all, why should I care?”
To answer this question, let’s take a step back and look at the current scenario of the event industry. Events have been indefinitely affected by the technological transformation.
Event technology is very much a part of the core event planning process these days, be it basic tech like AV or the integration of essential tech-tools such as event technology or VR/AR.
As a result, there has been a major shift to the online platform. This shift has resulted in the inception of a new and useful concept: Event Analytics.
Event analytics are a great way to quantify your event’s progress by analyzing your event data. You can track a lot of digital aspects of your event, from registrations to audience engagement and develop a strategy to maximize event ROI.
However, with the introduction of GDPR, event planners must abide by certain rules in terms of collecting, analyzing and utilizing their event data.
Here are a few ways in which GDPR will affect the overall planning process:
Registrations are a key way to collect attendee data that can be useful in designing an effective campaign for your event. A perfect event registration form can help you create an exhaustive and comprehensive database of all your event attendees.
However, with the GDPR in place, registrations for EU citizens will now be heavily moderated. Organizers have to be selective in terms of the information they ask for, keeping in mind the attendees’ Right to Privacy.
When it comes to the collection of event data, the main concern, in this case, is attendee consent. With the new regulations in the picture, a simple check-box won’t do. Planners must actively seek consent before collecting attendee information.
Attendees must declare that they agree to their data being utilized by the planners within the regulations. A complicated statement stating terms and conditions would no longer be an option. The agreement should be comprehensive and easily accessible to the attendees.
3. Data sharing:
Organizers must disclose clearly to the attendees about the utilization of their data. Attendees should be aware of where their data is being shared and for what purpose is it being used exactly. Upon request, it is the organizer’s duty to provide these records in a digital format.
Apart from this, the law also includes the concept of data portability. Data portability gives the right to the attendees to access their data anytime and transfer it from one controller to the other if they wish so.
4. Data-breach notification:
No event planner is a stranger to cyber-crimes. You must have seen or heard cases of cyber-thefts in terms of databases which are then misused by hackers.
It is quite imperative that planners take all precautions necessary to prevent the same. However, in case a data breach occurs, planners must report the breach within 72 hours after the organization is aware of the same and notify the necessary authorities as per the law.
5. Opting out :
The attendees whose data is being collected and utilized for marketing campaigns have the full authority to opt out at any given time. They have the authority to get their data completely removed from every database that it is stored it at any given point of time.
The organizers must honour this request and erase all records of the attendees who choose to opt out. Attendees, thus, have the ‘Right to be Forgotten’ as per GDPR.
What happens if you don’t comply with GDPR rules?
The imposition of GDPR comes by with some severe monetary penalties in case of noncompliance. If an organizer is charged with the breach of GDPR, they can be fined up to 4% of annual global turnover or €20 Million (whichever is greater).
Thus, this law is a major game changer in terms of event data and event analytics. Organizers must rethink the way they go about data collection and analysis and strategize accordingly, keeping in mind these data regulations so as to avoid any mishaps.