If you have not heard about the new European regulation called GDPR, or have not taken the time to educate yourself about it: on May 25th a new data protection law goes into force, and it affects everyone hosting events and collecting the personal information of EU citizens. If you are a conference or event organizer with worldwide attendees, then this is something you need to know, as it greatly affects your business. GDPR is “far-reaching” legislation that doesn’t just affect the European Union (EU). It affects virtually every country in the world that does digital business and marketing where an EU citizen can become a customer or user, or provide their personal information to you.
Recently you may have noticed that you are receiving a lot of emails from various service providers (for example Google, Microsoft, Apple, Facebook, Twitter, etc.) announcing updates to their privacy policies. These updates are largely a result of the GDPR regulations.
If you are not compliant with the General Data Protection Regulation (GDPR) legislation, it could mean fines of up to 20 million EURO, so it's vital for event organizers to understand the new GDPR requirements. This new legislation applies to everything from event registration systems, mobile event apps, online surveys to social media and scanning badges. It even includes manually collecting business cards at events.
A study by law firm Irwin Mitchell discovered only 34% of advertising and marketing firms were aware of the new data protection laws. To aid and prepare you, we have put together an overview of the most crucial aspects of GDPR that you need to know.
And if you’re already using Event Registration Pro Calendar for Joomla or Event Registration Pro Calendar for WordPress to collect event registration details, rest assured our software can easily make you compliant as long as you force registrants to accept your terms and conditions at the time of event registration and your privacy policy is GDPR compliant. We have put together an explanation of GDPR for event organizers that you can use to make sure you are compliant.
It’s not as bad as you might think. GDPR really is a good thing, and the better you understand it, the better off you’ll be.
The new EU General Data Protection Regulation (GDPR) was adopted last year, and was implemented May 25, 2018.
It has been noted as the most important change in data privacy regulations in 20 years and aims to give EU citizens more control over how their personal data is used.
Here are a couple of videos that give a quick overview of GDPR.
This video is more boring and straightforward, and gives a general overview.
This video is a bit more humorous but it really gives you a reality check and tells you exactly how GDPR affects your marketing efforts with regards to EU citizens.
The legislation that was previously in use was put in place before the Internet and cloud technology completely changed the way companies use “personal data”, and the more up-to-date GDPR aims to address that.
The EU also wanted to give businesses a simpler and clearer legal environment in which to operate, where they only have one law to comply with instead of the previous 28 laws across different EU countries.
In Article 4(1), the GDPR defines personal data as follows:
“Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
Essentially, if data can be used to identify a person, then it is classed as personal data under the laws of the GDPR. That includes information you are likely to collect from your event attendees such as names, addresses, birth dates and email addresses.
The short answer is, ALL organizations that are collecting and handling personal data of European Union (EU) citizens (or residents) have to comply with GDPR.
A very important part of the GDPR has to do with the geographic scope of this new law. To quickly summarize: Article 3 of the GDPR says that if you collect personal data or behavioral information from someone in an EU country, your company is subject to the requirements of the GDPR.
Two points of clarification.
GDPR requires website and web store owners to inform visitors of the following things:
Here are some examples:
It is important to note that the GDPR focuses on the rights of individuals rather than companies. What exactly does GDPR entail?
With the GDPR in place, registrations for EU citizens will now be heavily moderated. Organizers have to be selective in terms of the information they ask for, keeping in mind the registrant's "Right to Privacy".
Attendees must declare that they consent to their data being utilized by the event organizers within the regulations. A difficult statement stating conditions and terms is no longer an option. The terms must be specifically agreed to by the registrants. The agreement should be easily accessible and comprehensible to the attendees.
Independently of this, the regulation also includes the practice of data portability. If attendees wish, data portability gives them the right to access their data at any time and transfer it from one controller to another.
It is essential that organizers take all necessary preventative measures to protect against data breaches. If a data breach takes place, organizers must report the breach within 72 hours after the organization becomes aware of it and notify the necessary authorities as per the law.
The organizers must honor this specific request and remove all records of the attendees that choose to opt out. Attendees, therefore, hold the 'Right to be Forgotten' by means of GDPR.
People have been thriving in an uncontrolled Wild West of not getting proper consent for marketing purposes, and GDPR is changing this. Gone are the times of stealthy pre-ticked opt-in boxes or confusingly phrased opt-in statements. People can also forget about adding each and every single event registrant and attendee to marketing lists.
Now, consent has to be a 'freely given, specific, unambiguous and informed indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data pertaining to him or her.'
When it comes to implementation it's not really quite as distressing as it seems. The ICO have summarized consent as 'putting individuals in charge.' An un-ticked opt-in box during your online entry that clearly states what an entrant is opting in to with a link to your privacy policy should do the job.
Remember, seeking clear and freely given consent is a really good thing. While your marketing lists may decrease in overall size, they will likewise significantly increase in quality. Marketing your event to one qualified prospect is significantly more effective than marketing to 100 individuals that couldn't care less.
One of the most substantial implications of GDPR is that it is retroactive. As of May 25th, 2018, all data you store and process for your event will need to comply with the regulations set out by GDPR.
This means you'll need to perform a full audit on the data you currently store to check that it will be compliant in advance of GDPR. Any data that doesn't meet the guidelines by May 25th, 2018 will need to be deleted.
Whilst many event organizers and marketers are panicking about this mass loss of data, you should actually see this as a good opportunity for some digital housekeeping. It's likely that this data is no longer of any use to you, and it will no doubt be costing you money to carry on processing it.
Until you have clear, freely-given consent from an event registrant to do so, you can't share their information with third parties. You should be checking any sponsor agreements now to ensure you're not promising the supply of information which you can't lawfully provide.
If you have previously shared event data with sponsors that will not meet the consent requirements of GDPR, then you will need to inform those sponsors and request that they cease processing that data.
There were rumours circulating that Brexit would be a get-out-of-jail-free card for businesses in the UK when GDPR was first announced. Surely if the UK was no longer part of the EU, then EU-led legislation like GDPR wouldn't apply to UK companies?
The ICO quickly stated this wouldn't be the case, and the UK Government confirmed their stance in August 2017 with the announcement of the updated Data Protection Bill. One of the main aims of this Bill was to 'bring the European Union's General Data Protection Regulation into UK law.' That means even post-Brexit, GDPR will still apply to UK-based events.
Research recently performed by Censuswide has revealed 35% of American business organizations are not ready to satisfy the GDPR requirements in time for the due date. Regardless of how American companies may feel about GDPR, if they want to operate in Europe or obtain contacts from EU citizens they have no choice but to become compliant. Organizations that neglect to do so run the danger of steep financial penalties that can reach 20 million EURO or 4% of global annual revenue.
Because the principles that undergird them are very different, the U.S. and EU rules on privacy protection diverge strongly. The protection of personal data is considered an important basic right in Europe, while First Amendment rights of businesses are sacrosanct in the United States. This means that the GDPR is opt-in legislation (citizens need to explicitly give consent) while CAN-SPAM legislation is opt-out legislation (commercial mailings are allowed till the recipient says he or she no longer wants them).
So the bottom line here is that CAN-SPAM laws still apply as long as your mailing lists do not include EU citizens. Good luck figuring that one out.
Yes, you'll most likely need to change or add information in your existing Privacy Policy. Thankfully, the ICO has provided a comprehensive guide to producing a GDPR compliant Privacy Policy.
This will walk you through what your event's Privacy Policy should include, where and when to display it, and how it should be written. As long as you follow all of the points they outline and use clear, straightforward language, you won't have any problems.
A nice site to review for generating a GDPR compliant privacy policy is here:
https://dsgvo-muster-datenschutzerklaerung.dg-datenschutz.de/?lang=en
As pointed out previously, GDPR is retroactive. Getting the following 3 things updated will keep you GDPR compliant for accepting event registrations and marketing to past, present, and future event registrants.
Following these simple steps will greatly increase your GDPR compliance with regards to your event organization efforts.