GDPR and the Implications for Professional Conference Organisers
Friday 3 November
Golden Jubilee Conference Hotel, Clydebank, Glasgow
Have you heard about the European Union’s tough new General Data Protection Regulation (GDPR)? If your organization collects personal data, then you need to pay attention. If any of your meeting and event attendees are coming from Europe, then the GDPR standards apply to you.
The new privacy rules extend to any company processing data of EU residents—regardless of the location of the company headquarters.
It will be enforced starting May 25, 2018, and is directly aimed at providing greater data protection for the roughly 508 million people in the member countries of the EU (currently 28 countries, including the United Kingdom until Brexit).
The scope of personal data covered by the GDPR is more than just name and address; it also covers income information, health information, frequent-flyer and frequent-stay account information, birthdays, age, food preference, allergy notifications, cultural and ethnic background information, and more.
Consider the following:
- Your exposure in terms of how you use personal registration data (name, address, country of citizenship, age, etc.) and how long you can retain that data
- Use of registered attendee data for marketing analytics
- Retention of education session data for future analytics and future conference education preferences
- Retention of personal data for frequent-flyer and frequent-stay account information, birthdays, age, food preference, allergy notifications, and other attendee preferences, etc.
Increased penalties under the GDPR
When the EU General Data Protection Regulation (GDPR) is enforced from 25 May 2018, breached organisations will find the fines they face increasing dramatically.
From a theoretical maximum of £500,000 that the ICO could levy (in practice, the ICO has never issued a penalty higher than £400,000), penalties will reach an upper limit of €20 million or 4% or annual global turnover – whichever is higher.
For many businesses, the threat of insolvency or even closure as a result of GDPR penalties will soon be very real.
You now have about eight months to figure out the impact of GDPR to your meetings and events programs, your company, your suppliers, and any other organisation that gathers and retains personal attendee data. This is not long to bring an organisation to a state of compliance with the new law, which is why it is essential to prepare now.