Tag: event management

Infographic: How to Choose the Right Event Tech Partner

If you manage events, it’s safe to say you use some form of technology that helps you get the job done – from simple spreadsheets and registration tools to more sophisticated tools like apps and event management software.  You may want to invest in something new but the choice is limitless with hundreds of companies offering you different ways to improve efficiency, reduce costs, engage attendees and drive value to your events.  So how do you decide which solution works best for you?

Read: 10 Reasons Why Businesses Invest in Event Management Software

How do you make sure that all those marketing promises you hear at vendor presentations are backed up with facts that matter to you, your organisation – and your delegates too?

For example, your event tech partner should not only understand what makes your attendees happy but apply this customer-oriented model in every aspect of their operations – from product development to account management, training and support. It is important to assess the quality of these services too. What types of training and onboarding services are available to you? Are there any hidden costs? What kind of pitfalls do clients face when moving from one system to another? Asking these kind of questions will help get an idea on how difficult the technology is to use or how much training your team may need.

Related article: 8 steps to take when choosing event management software

For a high-level checklist on all the important things you should go through when meeting different event tech vendors, have a look at the infographic below:


Did you enjoy reading this article?  Why not sign up to our weekly EventTech Talk newsletter for tips, updates and research reports on all the latest technology trends shaping the events industry today.

 

Top 10 GDPR Red Flags for Meetings and Events

GDPR is a big issue for event planners right now as many come to grips with the changes the regulation will bring to the way they collect, store and manage the personal information of people coming to their events. The understanding of all the requirements is also no mean feat. In fact, a recent survey on ‘GDPR readiness’ across meetings and events found that nearly 50% of event planners are unsure if the steps they’re taking are sufficient in meeting GDPR requirements – despite 60% holding responsibility for compliance.


Did you know that a data breach is essentially what can get your events into a lot of trouble under GDPR? Find out what you should do to prevent your attendee data from getting lost, stolen or compromised by getting your copy of ‘The Event Planner’s Guide to Data Security in a Post-GDPR World‘.


Responsibility for GDPR compliance is something that goes through the entire event supply chain – from the organisation that is hosting the event and their event management team, all the way through to the third-party vendors that process data on their behalf.  So even though your IT and legal team may be the ones dealing with implementation and processes, there are many important aspects of the new data protection regulation that event planners need to be aware of so they don’t put their organisations at risk.

Based on conversations we’ve had with clients and other event professionals across a number of industries, we have identified below the most frequent red flags around GDPR.

In no particular order, here are our current top ten:

1) Legacy Lists

The question is; how good are your lists and will they stand up to being audited? Your mailing lists are a good example when it comes to legacy lists. For years you may have been e-mailing people without their full approval. Maybe you didn’t realise you were doing so. After all, you may have inherited a database that had been built over time. If, however, you are not confident that your list meets the GDPR test then you would be better off deleting them.

One well known pub chain decided that they didn’t know their legacy lists well enough and decided to stop using them. That may sound extreme but for them it was the right decision. What is your decision?

Connected to legacy lists is the thorny issue of what legal basis you will use for processing personal data. Consent is one basis. If you meet the requirements of consent that is great. Alternatively, you could decide to use Legitimate Interests as your legal basis and if that is the case then you have to be sure that you meet the correct guidelines to comply or else you will be told to stop processing. Using Legitimate Interests as a way of contacting people is fine as long as your reasons are truly legitimate. If not, then you are likely to be having many discussions with the Supervisory Authority to argue your case. Our thoughts if you are not really sure about using Legitimate Interests as an argument, don’t do it.  It is the weakest of the other legal reasons for processing.

2) Consent

Consent is quite confusing to many people. Firstly, it is only one of the methods that can be used to process personal data. One of the other methods is through contract. For example, if an event planner contracts a speaker, they do not then need to use consent as a means of staying in touch with the speaker in the lead up to the event. It’s clear that the speaker and event planner are working together and that is covered under the contract. If, however, the event planner wanted to market their event to speakers and didn’t have their consent to do so, then that would be a different matter.

When you do need consent make sure that there is no ambiguity in your message. Remember you cannot use any pre-ticked boxes anywhere regardless of whether they are on paper or in a device.

Read: Event Marketing Under GDPR – Consent Vs. Legitimate Interest

3) Processors Vs. Controllers

Are you a data controller or are you a processor or are you a mix of both? In the events space, it is easy for a number of organisations to be a mix and not even realise it. One example of being a mix of both applies to the Professional Conference Organiser (PCO).  How much does it really matter anyway? After all the goal is to keep personal data secure. For clarification however, it is important to understand which hat you are wearing as that is especially important in the case of reporting data breaches.

In simple terms, if you are an event planner and you have a list of delegates that you are directly in contact with, then you are the controller. If for your event you provide that list to a registration company for name badges etc. then you have passed them to a processor. If you do everything in house then you are wearing both hats. The rule of thumb Is always to spell out in a Contract to a processor exactly what you need them to do. Then there is no ambiguity plus you have an auditable record that you can show the Supervisory Authority.

4) Business Size

This is again a red flag for us because there are some businesses that believe GDPR doesn’t apply to them because of their size. That argument is incorrect. Even if you are a business owner operator you will still need to have your own Data Protection policies and processes in place. Coaches, speakers and sole traders of all types are currently writing and updating their policies to ensure compliance.

Connected to this is a tangential flag which is about supplying services or products on a B2B or B2C basis. Again, it doesn’t matter. Both are affected.

5) Data Breach Deadlines

Data breaches have to be reported within 72 hours of discovering the incident. This might sound like a long time but it is pretty short. If you are a processor you need to notify the data controller. And of course, the Supervisory Authority needs to be notified.  Think of what you can be doing to secure personal data to prevent a breach. In the world of busy event professionals using multiple devices on the road, the potential for a breach becomes heightened.

Read: Look after your attendee data or face the music!

6) Subject Access Requests (SARs)

The rights of individuals as mentioned earlier is at the very heart of GDPR. Individuals are entitled to find out what information is held on them. It’s the same position today so that doesn’t change. What does change in the UK is that the deadline for providing the information is 30 days and not 40 days. And you can no longer charge for the information. Of course, the 30-day deadline starts once you have verified that the person asking for the information is actually who they say they are. Therefore, you need proof of identity processes in place to deal with the SAR requests.

Read: Will GDPR Change the rights of Your Attendees?

7) Focus on Fines

Many speakers, consultants and blogs start with talking about the level of fines and penalties if breaches occur. It’s good. It grabs attention quickly. It scares people. However, the scarier issue which is often not mentioned is that the Supervisory Authority has the power to tell your business to stop work. Think of that. Stop your business. It’s time to get away from calculating whether your organisation will be in business because of a fine but what you will do when people are told to stop working.


Get your copy of ‘The Event Planner’s Guide to GDPR Compliance’, and learn what impact Europe’s new data protection regulation has on event marketing, data management and event technology.


8) Data Transfer Shortcuts

It is always busy working in the events space. There are many things to be done and time is always a challenge. That in itself can easily breed short cuts to get the job done. Unsecured spreadsheets with personal information are whizzed away to all sorts of venues, hotels, speakers and others. That will have to change. Securing documents with passwords, using encryption and other methods to keep data secure will need to be used. Remember, that the Supervisory Authority can come and audit your organisation which means your processes for sharing data will have to be recorded.

9) Geographical Location

“We will not be affected by your GDPR” is a phrase that continues to resound in our ears from organisations that are based outside of the European Union. It is a fair comment to a degree after all it is European Regulation. But, that is when you have to look deeper and realise that it applies for the benefit of European citizens and residents. Applying this to events then. Let’s take an example by way of European delegates coming to your event in Australia or New Zealand.  You will be bound then by GDPR even though you are at least 10,000 miles away from the UK.

Our advice, it’s best to think of GDPR as borderless.

10) Inadequate Training of Staff

Accountability is a key principle of GDPR. Everyone in an organisation has responsibility for personal data. It is not down to HR. It’s not down to IT. It’s not down to the Board. It is down to everyone. What does this mean for you? Well it means that for any temporary staff or interns or volunteers that you use, they need to be made aware of your Data Protection practices and processes. Everyone is accountable. If you keep that as your mantra you will not go far wrong even in the very busy event periods.

Conclusion

The 10 flags above just touch the tip of the iceberg. They are provided to provoke thinking about what your organisation needs to do. In no way should this blog post be construed as legal advice.

You can expect the intensity on privacy rights to be top of mind for many people following the recent ‘Facebook’ news. One thing is certain, GDPR is only going to continue to evolve. It is best to make sure it’s included fully in all your event planning activities and if you do find that you need to make some changes to your organisational policies, then now is the time.

Good luck!


Need help tracking and managing consent on event websites and registration forms?  Eventsforce offers a comprehensive set of event management solutions, services and expertise that can help support the event planner’s journey to GDPR compliance – from audit trails and consent management to anonymisation of personal information and data security. For more info, please click here or get in touch: gdpr@eventsforce.com

Infographic: Are Your Events Ready for GDPR?

Infographic for preparing events and event planners for GDPR.

The General Data Protection Regulation (GDPR) is one of the most important changes facing our industry today as it is set to radically change the way events globally collect, process and protect the personal information of people in the EU.  But with just a few months to go until the May 2018 deadline, how ready are we really for Europe’s new data protection law?

Read: The Event Planner’s Guide to GDPR Compliance

Eventsforce conducted a research study with 120 event professionals earlier this month to assess the industry’s current state of ‘readiness’ for GDPR.  The study investigates where event planners stand in terms of their understanding of the new legislation, what steps they’re taking to get ready for the new requirements and the kind of challenges and opportunities they feel GDPR will bring to their organisations in the long-run.

Have a look at some of the key findings from the ‘Are Your Events Ready for GDPR’ study:

  • 2 in 3 event planners don’t understand all the requirements of GDPR despite 60% holding responsibility for compliance
  • Nearly 90% are already underway with their GDPR preparations but many concerned about meeting the May 2018 deadline
  • Creating awareness, running data audits and updating consent boxes on registration forms and websites are key steps event planners are currently undertaking
  • Data security will become a bigger priority for 81% of event planners, yet less than 30% have updated their data security practices or prepared for a data breach (Download eBook: The Event Planner’s Guide to Data Security in a Post-GDPR World‘)
  • Only 41% of event planners say their event technology systems meet the new GDPR requirements
  • 45% are concerned they will lose a large chunk of their marketing mailing lists as a result of GDPR
  • Perceived long-term benefits of GDPR include better data management, transparency with suppliers and improved reputation with attendees

For a more comprehensive look at the results of the ‘Are Your Event Ready for GDPR’ research study, please see the infographic below:


Enjoyed reading this article?  Sign up to our EventTech Talk newsletter for similar insights and weekly updates and advice on the latest technology trends, discussions and debates shaping the events industry today.

Industry Insight: The Impact of GDPR on Meetings & Events

If you’re an event planner or marketer and not up on the General Data Protection Regulation (GDPR) – a new, stricter EU data privacy law that comes into effect on May 25th 2018, the time to pay attention is now. George Sirius, CEO of Eventsforce, explains in an interview with MeetingsNet magazine, why GDPR is one of the most important changes facing the events industry today.

Why is GDPR an issue for meetings and events? What type of events will it effect?

GDPR is important because it will completely change the way events and meeting planners collect, process and protect the personal information of attendees coming from the Europe.  It will apply to ANY event holding data on EU citizens and residents – regardless of their location.  It is a major global issue and one that is vital for organisers to understand and prepare for as ignoring it could lead to some very serious financial consequences.

What impact will it have on events? The new regulation is going to change the way meeting planners decide what data needs to be collected from attendees in things like registration forms and apps and how that data is going to be used for marketing and personalisation. It will change the way attendee data is shared with other third-party organisations like venues, sponsors, agencies and tech providers.

The regulation will also force planners to play a much bigger role in securing all the data they collect from attendees, as well as making sure that any organisation dealing with their event data is also complying to the new regulations. Not doing so can result in big fines – and this is one of the most important things about GDPR.  Compared to current data protection regulations, non-compliance comes with serious financial consequences so event planners need to be prepared.


Get your copy of ‘The Event Planner’s Guide to GDPR Compliance’, and learn what impact Europe’s new data protection regulation will have on event marketing, data management and event technology – as well as what steps event planners need to take now to get ready for the May 2018 deadline.


Why do meeting planners need to pay attention to GDPR? Isn’t this an IT or legal problem?

It’s easy to look at GDPR compliance as a technology initiative and not a business one.  But the reality is that even though it may be the responsibility of the IT and legal teams to sort it all out, there are a number of things that event planners do today that can put their organisations under serious financial risk with GDPR.  Things like using pre-ticked consent boxes in registration forms and apps and not having the proper processes in place to store attendee consent. Or sharing delegate lists freely with venues, speakers and other attendees. Or not paying enough attention to the information freelancers and temp staff have access to. Emailing unsecure spreadsheets and leaving unattended registration lists around. The list can go on and on.

It is therefore really important that event planners understand exactly what they should and shouldn’t do under GDPR – so that they can then figure out what changes they need to make around collecting and managing the personal information of people that come to their events.


Did you know that more than 81% of event planners think that data security is a much bigger priority for them because of GDPR? Find out what you should do to prevent your attendee data from getting lost, stolen or compromised by getting your copy of ‘The Event Planner’s Guide to Data Security in a Post-GDPR World‘.


How does it affect event technology providers?  What should planners be talking with their event tech suppliers about when it comes to GDPR?

GDPR regulations require compliance both by the organisation hosting the event and the event tech companies that process data on their behalf (registration systems, mobile apps, surveys, networking tools etc).  It is therefore important that event planners make sure that all their tech vendors and suppliers are also fulfilling their legal responsibilities.  Why?  Because if in the course of an investigation, the authorities find that these parties have not been compliant, then the host organisation may also be liable too (even if they themselves were compliant).

So organisers need to start asking their event tech providers from now how they’re planning to fulfil their obligations around their events and GDPR – especially if their data centres are based outside the EU.  They need to find out where their data is hosted and how that data is being transferred in a way that is compliant to the new regulations.  They need to find out how the data is being used by the organisation, who has access to it and where they’re based.    For example, if their customer support team is based outside the EU (even if data is hosted within the EU), then they’ll still need to ensure that they’re complying with GDPR standards.

In the case of registration systems, the meetings organisation needs to find out how their provider allows them to obtain and store consent, as well how it can help them delete any personal data.    And they need to ask them how they themselves as an organisation are complying with GDPR.  Having an EU-based tech provider will ensure they’re also subject to the new regulations, which will limit the risk of non-compliance.  But that’s not enough.  What is their understanding of GDPR and how are they planning to help you their clients meet their obligations?  How important is data security for them and do they follow best practices?  What about their own suppliers and contractors who also have access to their data?  Having the answers to these questions will protect event organisers from any unpleasant surprises in the future.

Read:  5 Questions to Ask Your Event Tech Suppliers About GDPR

What aspects of GDPR are most important for meeting professionals to pay attention to?

There is no single aspect of GDPR that is less important than others – if an organisation is found to be non-compliant, then they will still be fined up to 20 million or 4% of their global turnover for each instance of non-compliance.  However, as we mentioned earlier, the key concerns for event planners in particular are the issues of consent, data security and ensuring that third-parties that process event data on their behalf are also meeting their legal obligations.

I think it’s important to highlight the issue of data security because a data breach is essentially what can get an organisation into a lot of trouble if it’s not complying with GDPR. Event organisers need to show they’re doing their best to protect the personal information of individuals to minimise the chances of it getting into the wrong hands.   Failing to report a data breach with 72 hours can result in crippling fines under GDPR – so ensuring that everyone in the events team has a good understanding of what constitutes a data breach and how to follow best practices is key to compliance.  It’s also important to think about what processes need to be put in place once a breach has been identified, including how to report it within a three-day timeframe.

Read: Look after your attendee data….or face the music!

What are likely to be the biggest challenges in preparing for GDPR? Are there any benefits that will result from doing the preparatory work, aside from avoiding penalties?

The biggest challenge for event planners will be around figuring out what personal data they hold on attendees/speakers/sponsors etc, where it came from and whether or not they have the adequate consent – remember that pre-ticked boxes and soft opt-ins will no longer count.  They need to know which systems this data is stored in, when it was last used and what it was used for.  They need to know how accurate the information is, what kind of processors they have in place to keep that data safe and whether or not it’s been shared with other suppliers and partners.  If it has, then they need to ensure that these parties also have the consent and that they are doing everything they can to comply to GDPR regulations and keep that data safe.

Running a data audit of this scale is a BIG job and unfortunately, there is no way round it.  If you find out you have inaccurate information on one of your delegates, for example, and you have shared this information with hotels and venues, then you will need to inform them about the inaccuracy and get them to correct their own records.  Or destroy the data if you never had the right consent in the first place.  You will not be able to do any of this unless you know what personal data you hold, where it came from, where it is stored and who you shared it with.

Read: 7 Steps to Get Your Events Ready for GDPR

It will be a challenging time ahead but it’s important to note that GDPR will also bring about some big opportunities for our industry too. Those that can show they’re dealing with personal data in a transparent and secure way and have respect for the privacy of individuals will succeed in building a new level of trust.  And this will be key in deciding which organisations people choose to deal with in the future.

Do you have any tips on how to make the preparation process as painless as possible?

Some organisations will be required to formally designate a Data Protection Officer (DPO), who will take responsibility for data protection compliance.  However, regardless of whether you need one or not (or compliance is something managed by IT and legal departments), it will really help the process if you have one person in the events team take ownership of GDPR and be the focal point for all things events and compliance.  That way you can keep a tighter control on making sure all the necessary steps are being taken to prepare for compliance and that the events team aren’t doing anything that puts their organisations at risk.

The full interview can be read as part of the new ‘Meeting Planner’s Guide to GDPR’ published by MeetingsNet this month.


Enjoyed reading this article?  Sign up to our EventTech Talk newsletter for similar insights and weekly updates and advice on the latest technology trends, discussions and debates shaping the events industry today.

How to Handle a Big Crisis at Your Event

A recent industry poll found that 77% of event planners find security and safety a growing priority for their events in – which is no surprise given the world we live in today. Incidents like terror attacks are now a constant threat to society. And consequently, security is now a bigger deal than ever before – especially for those running events in high-target city destinations.

Knowing how to handle an event in times of crisis has never been more relevant.

As an event planner, you may already have your own organisation’s crisis management policies that you need to follow. The hotels and conference facilities you use will also have their own security and safety procedures that you need to carefully keep in mind.  But what about how you communicate with people at your event at the time of a crisis? Knowing who you should talk to, as well as how and when you do that communication can mean the difference between failure or success.


In an era where people’s attention is rapidly declining, having the ability to offer people relevance is critical! Find out how you can use personalisation to give your attendees the experience they want by getting YOUR copy of The Event Planner’s Guide to Personalisation.


6 Essential Steps for Crisis Management in Events

Getting crisis communications right is not an easy thing.  The ones that do it well are usually the ones who are well prepared. So if you haven’t done so already, make sure you think about it now and incorporate it as an integral part of your event management strategy. And remember, it’s important to do this for any crisis situation that has the potential to disrupt your event – from fire outbreaks and flooding to any other incident that prompts an emergency evacuation.

Have a look at six key things you can do for an effective crisis communications plan around your events:

1) Identify Your Event Audiences

You need to think about all the different types of people you deal with at and around each one of your events.  In most situations, the stakeholders will include your attendees, on-site suppliers (security personnel, technology, promotion staff, venue, catering), partners such as speakers, sponsors and exhibitors, as well as journalists and colleagues (on ground and off-site).

2) Assign Audience ‘Owners’

Once you have these stakeholder groups listed out, create your internal crisis team by assigning the relationship ‘owners’ for each of your audience groups.  You need to have these dedicated points of contact – you can’t have one person managing everything if you want to be affective in the way you manage a crisis. Each of these relationship owners should create contact lists for their audience groups, which can include mobile numbers, email addresses and social media handles.  Collate these lists from your event registration software and make sure they are regularly updated so that you have the most current information on the day of your event.

3) Decide on Communication Channels

The next thing to determine is how you should communicate with all your stakeholders – needless to say, quick, clear and frequent communication will be appreciated at a time of crisis.  It will also protect your organisation’s reputation on how well you manage the safety of your attendees. Social media (especially Twitter) is a very powerful communication tool, especially given the 24-hour information cycle we currently live in. But it’s important to remember that social media does not guarantee mass reach. According to MarketingLand, about 2 percent of your Twitter followers see your Tweets. Similarly, AdWeek has stated that Facebook organic page reach stands at a fairly shocking 2.6%. Having said that, social media is key to sharing information with media and key influencers who can help amplify your message (journalists are the largest, most active verified user group on Twitter).

Aside from social media, you also have your email databases which can be created using the stakeholders lists you put together. You may have an event app, which is also a great tool to push notifications and update attendees on what they need to do.  You can also put up notices on your event website or screens you may have up around your venue.

4) Find the Best Platform for Each Audience

Notifications via event apps, emails and social media are usually the best option with your attendees. However, not all your stakeholders may be at your event.  Some may be offline and miss the notices you’ve posted online.  So think of other options too like text messages and phone calls.  Your organisation’s management team, for example, will probably need to be updated by phone.  Communications with your on-site team may be better through group calls or messaging apps like WhatsApp.

Bear in mind that immediately after a major incident like a terrorist attack, mobile networks may be unavailable due to excessive demand. Sit down with your management team and identify the most appropriate crisis communications channels for each of your audience categories and have contingency plans for every situation.

5) Draft a Communications Plan

Once you’ve identified your audiences and have a good idea on how you’ll be reaching out to them, the next step is to put together a communications plan. It’s difficult trying to figure out what you’re going to say if you’re not sure what crisis you’ll be facing. However, the last time you want to worry about on the day is putting some sort of plan together and chasing all the necessary approvals.  Have your crisis communications plan pre-approved and ready to go.  You could have a detailed plan for each type of crisis situation or you could have a more generalised one with clear action points.

6) Prepare Crisis Scenarios

Be proactive and start making a list of potential crisis situations around your events now – whether that be a terror attack, a power outage or a fire.  Draft the key messages you want to communicate with each of your stakeholders.  Be personal, transparent and genuine and make public safety your number one priority. Explain what has happened, what actions need to be taken, what information is available and the contact details of each stakeholder ‘owner’.  Include what your organisation’s stance is on the on-going situation, as well as details on when and where they should expect another update. The more information you provide, the less chance of creating an information vacuum, which often causes unnecessary panic and false speculation.

Lastly, train your team members through life-like simulations of all the different crisis scenarios outlined in your plan. Make sure they don’t talk ‘at’ your audiences at a time of crisis without listening and responding to them first as this will undermine their trust in your organisation. Conduct these exercises annually or around each event.

Are there any other considerations we should include in this list?  Let us know as we’d love to hear your views.


Did you find this article interesting? Get weekly updates from our EventTech Talk blog and learn about the latest technology-related trends, discussions and debates shaping the meetings and events industry today.  Click here to join EventTech Talk today.

 

 

7 Steps to Get Your Events Ready for GDPR

The  EU General Data Protection Regulation (GDPR) is probably one of the most important changes facing our industry today but compliance is seen by many as a complex, challenging and costly process.  Find out how what event planners can do to get their events ready!

How will GDPR impact Meetings & Events?

GDPR is a new legal framework that is set to radically change the way we collect, process and protect the personal data of people in the European Union. We published an article on the topic a few months ago (Blog: What Event Planners Need to Know About GDPR), looking at what the new requirements meant for our industry, the implications of BREXIT and how non-compliance, compared to current data protection regulations, can bring serious financial consequences to organisations worldwide.

For event planners, specifically, there are three main reasons why GDPR matters:

  1. GDPR will apply to ANY organisation hosting events in the EU and ANY organisation collecting data on EU citizens and residents – regardless of where the events take place.
  2. Events deal with high volumes of personal data collected through registration forms, mobile apps, surveys and networking tools. It is inevitable that planners need to know what they can and can’t do under GDPR.
  3. GDPR requires event planners (and event management agencies) to play a bigger role in securing their event data and ensuring that third party suppliers (ex. event tech suppliers) are also GDPR compliant. Not doing so can result in big fines and lost business.

    Are your events ready for GDPR? Get your FREE eBook: ‘The Event Planner’s Guide to GDPR Compliance’, and learn what impact Europe’s new data protection regulation will have on event marketing, data management and event technology – as well as what steps event planners need to take to comply to the new requirements.


How Event Planners Can Prepare for GDPR

It’s easy to look at GDPR compliance as a technology initiative and not a business one.  But the reality is that even though it may be the responsibility of your IT and legal teams to sort it all out, there are a number of things that event planners need to do to make sure they don’t put their organisations at risk.

This checklist highlights the key steps to take to prepare your events for GDPR, based on advice published by the UK Information Commissioner’s Office (ICO):

1) Create Awareness

One of the first things you need to do is make sure that everyone in the events team (as well as other departments that deal with your event data) are aware that the law is changing to GDPR. They need to understand the changes you’re going to make around collecting, storing and managing the personal information of people coming to your events. They need to understand what they need to do to keep that data safe. And most importantly, they need to understand the risks of non-compliance (fines up to €20 million or 4% of your global annual turnover) and identify the areas that could cause problems under GDPR.

2) Run a Data Audit

You need to figure out what personal data you already hold in the databases you use around your events – starting from attendee mailing lists, speakers, sponsors and so on. You need to know exactly where that data came from and whether or not you have the adequate consent from these individuals to contact them (pre-ticked boxes and soft opt-ins no longer count with GDPR). You need to identify what systems that data is stored in, when it was last used and what it was used for. You need to know if that information was shared with other suppliers and partners (event management agencies, event technology providers).  And if it was, then check that you have the adequate consent for doing so and that these third-party organisations are also complying to GDPR.

It is a BIG job.  And the bad news is there’s no way round it. Say you find out you’ve shared delegate lists with sponsors and venues without the proper consent, then you need to destroy that data and make sure they do too.  You will not be able to make these kinds of decisions unless you know what personal data you hold, where it came from, where it is stored and who you shared it with.

Read: 5 Questions to Ask Event Tech Providers About GDPR Compliance

3) Update Your Consent Boxes

Have a look at your current privacy notices and consent boxes in things like registration forms, apps and websites and put a plan in place for making any necessary changes in time for the GDPR deadline – including what campaigns you’re going to run to get people to opt-in again.  Don’t forget if you don’t have the correct type of ‘active’ consent from someone then legally, you will no longer be allowed to contact them come May 2018.  So you need to find a way of getting people to re-opt-in if you want to keep them on your mailing lists.

Under current law, you need to give people only a certain level of information on how you’ll be using their data whenever you ask for consent.   With GDPR, you need to explain very clearly why you are collecting their information, how it will be used and ideally, how long you’ll keep their data for.  If you’re sharing their details with sponsors and exhibitors, then you need to name those organisations – general terms like ‘sponsors’ or ‘venues’ won’t do.  The language you use needs to be clear and concise and easy to understand.

4) Get to Know Your Attendee’s Rights

Don’t forget that GDPR is all about giving individuals more control over the use of their personal information.  Check your processes and make sure they cover all the new rights people will have under GDPR (Blog: How GDPR Changes the Rights of Attendees).  What would you do if an attendee asked you to delete all the personal information you hold on them?  The new regulations state you’ll need to respond to requests within 30 days at no charge. Would your event management system help you locate and delete the data in time? What about the same data that’s been recorded into your CRM?  What kind of hidden costs are there in doing this?  What happens if you need to deal with multiple requests at the same time? It is important that you get answers to these questions now to assess whether or not you need to make any changes to your processes.

5) Prepare for a Data Breach

This is really key because it is essentially what can get your organisation into a lot of trouble if it’s not complying with GDPR.   You should make sure you have the right procedures in place to detect and report the loss or theft of an individual’s data (think printed delegate lists). GDPR requires all organisations to report data breaches to the ICO or other such authority, if its’s likely to result in a risk to the rights and freedom of individuals (identify theft, financial loss, discrimination, damage to reputation etc).  If the risk is high for any of these things happening, then you’ll have to notify the affected individuals too.  Failure to report a breach within 72 hours could result in massive fines, as well as a fine for the breach itself.

6) Keep Your Event Data Safe

GDPR definitely puts security more front of mind when it comes to your event data. You’ll need to show that you’re doing your best to protect the personal information of individuals to minimise the chances of it getting into the wrong hands. Yes, you’ll need to follow your organisation’s own data security policies – from communications procedures and firewalls to the use of encryption and anti-virus software. But while your IT department will focus on typical external threats, there are risks that comes from within.


Did you know that a data breach is essentially what can get your events into a lot of trouble under GDPR? Find out what you should do to prevent your attendee data from getting lost, stolen or compromised by getting your copy of ‘The Event Planner’s Guide to Data Security in a Post-GDPR World‘.


Find out who has access to your event data – both within your own organisation and the third-party suppliers that process data on your behalf (event tech vendors, event management agencies etc).  Have a look at their data security policies. Think about system passwords and how often you change them. Think about how you share your event data with others and what procedures you have in place to keep data safe on-site at your event. Ensuring everyone on your team has a good understanding of what constitutes a data breach and how to follow best practices will be key to compliance.

Read: Infographic –  How to Keep Your Event Data Safe

7) Appoint a Designated GDPR Team Member

Some organisations will be required to formally designate a Data Protection Officer (DPO) to take responsibility for data protection and GDPR compliance.  However, regardless of whether your organisation needs one or not (or whether compliance is something that will be managed by your IT and legal departments), it is important to have one person from the events team to take ownership of GDPR now and be the focal point of all things events and compliance.

Conclusion

GDPR compliance is not a simple matter and this is by no means a comprehensive list of everything you need to do to get your events ready for the May 2018 deadline – but it’s a good start.  The ICO still needs to clarify a lot of the requirements and everyone agrees that preparations for the new regulations will be a complex, challenging and costly process.  But those who take action now will be in the best position to succeed in the future.

Start planning for GDPR now by thinking about how your events are collecting data on EU citizens, how you’re storing consent and how you’re incorporating data security into your event planning and management processes.  Find out as well what your event tech providers and third-party agencies are also doing to comply with GDPR. Finally, remember that implementing changes will be a team effort where everyone is aware of the new requirements, along with the new processes that you’ll need to put in place.


Need help tracking and managing consent on event websites and registration forms?  Eventsforce offers a comprehensive set of event management solutions, services and expertise that can help support the event planner’s journey to GDPR compliance – from audit trails and consent management to anonymisation of personal information and data security.

For more info, please click here or get in touch: gdpr@eventsforce.com

Ask the Experts: What Impact will GDPR have on Meetings and Events?

We’ve been talking a lot about GDPR lately.  And for good reason too.  One of the biggest shake ups in data protection and privacy laws for the past 20 years, the new EU General Data Protection Regulation will come into effect in May 2018 and completely change the way events collect and handle the personal information of European attendees.  But how important are these changes actually going to be for event planners? Is GDPR going to make things like data-driven marketing and personalisation a lot more difficult? Or will the new regulation bring on some new opportunities?


Are your events ready for GDPR? Get your FREE eBook: ‘The Event Planner’s Guide to GDPR Compliance’, and learn what impact Europe’s new data protection regulation will have on event marketing, data management and event technology – as well as what steps event planners need to take to meet the new requirements.


EventTech Talk spoke to a number of well-known event experts to find out what they think about GDPR and what kind of impact it will have on the industry.  Here’s what they had to say:

Adam Parry, Editor, Event Industry News

GDPR will have a huge impact on event marketers next year, and this in my opinion is a good thing.  As an industry we have been very lazy, relying on email marketing with outdated and uncheck cleansed data, I see it myself getting invites to events from previous roles and or having never attended the event in the first place.

We will have to work smarter as event marketers but there are tools and solutions out there to help us and not make it a case of having to work harder.  Let’s take for example retargeting technology, it’s not new but hugely under-utilised by our industry as a way of remarking our event to web visitors that didn’t sign up to attend.

Follow Adam Parry on Twitter: @punchtownparry

Michael Owen, CEO, EventGenuity

I’m surprised by how little is known about GDPR by those in business events and associations sector in the United States. Of those who are familiar with the regulation, many forego learning more, as they think it applies only to organisations based in the EU. With headlines about breaches of personal data like Equifax as frequent as the sunrise, one would think at least that curiosity would drive everyone to fully understand the ramifications.

How great will the impact be in non-EU organisations? It’s hard to tell right away. At a recent session, one gent said, “I’m not going to worry about it, because it will be hard to enforce.” Hard? Yes. Impossible? No. Once non-EU enforcement is figured out, and the first massive fine occurs, I suspect interest will spike.

Misconceptions place barriers to learning: “We don’t have offices or hold meetings in the EU”, etc. For business events and associations who host attendees have members or subscribers from the EU for whom they hold data, there is liability.

It’s not all bad news, though. There is opportunity to improve internal business processes. The requirements force organisations to become more, well, organised. Isn’t it a good thing to be more aware of what personal data one possesses, where it resides, how it is processed and protected? Compliance could well reduce financial and reputational risk, and build trust with customers, members, attendees across the board. This outcome would provide more accurate data sets and more meaningful relationships amongst organisations and valued customers.

Follow Michael Owen on Twitter: @EventGenuity


Did you know that more than 75% of event planners think that data security is a much bigger priority for them because of GDPR? Find out what you should do to prevent your attendee data from getting lost, stolen or compromised by getting your copy of ‘The Event Planner’s Guide to Data Security in a Post-GDPR World‘.


Brandt Krueger, Speaker & Consultant, Event Technology Consulting

I have extremely mixed feelings when it comes to GDPR, or for that matter, a lot of attempts to regulate the Internet. While companies clearly need to be held accountable for the securing of our personal data (I’m looking at you, Equifax), and I’m in favour of data transparency – most of these attempts at legislation are reactionary and only deal with new problems as they arise.

Much of the GDPR regulations surround consent. While noble in cause, we already give our consent to all kinds of things without thinking twice about it. We click through license agreements and software permission screens without reading them, and every website in the EU has to let me know that it’s using cookies. How many times have you stopped and thought, “Oh my, I don’t know about this cookie thing. I guess I’ll just shut down my browser and walk away.” Nope, you click on it as quickly as possible to just make the pop-up go away.

I worry that we’re going to be generating more and more of these types of screens, where people will be forced to check off 37 boxes of consent, just to find out where their next hosted buyer appointment is. Customers do need to be made aware of what information they’re providing, and exactly what is being gathered about them, but I have severe concerns about the implementation. This will be the most immediate impact on the event industry – how technology companies deal with the informed consent GDPR seems to demand. I predict lots of splash screens and checkboxes that absolutely nobody will read, along with signage next to fishbowl drawings at expos that, you guessed it, nobody will read.

On the positive side, I do think it’s important to require companies to provide a high level of transparency when it comes to other people’s data, though again I’m hesitant about the implementation. Does a dump of data into a CSV count as an accurate representation of your data? And again, the different types of data that are being gathered can be difficult to provide in a way that makes sense to the person making the request. Because it’s not just about the tangible, easy to understand, data like names and addresses – it’s often about the relationships, the links, the connections between that data that’s important. Knowing your name, address, and what magazines you subscribe to are three separate data points, but their interconnectivity can be enormously revealing in ways people would be shocked to discover.

Follow Brandt Krueger on Twitter: @BrandtKrueger

Kevin Iwamoto, Senior Consultant, GoldSpring Consulting

GDPR will have a major impact on the way companies and their event suppliers manage their events in 2018 and beyond.  All meetings and events that handle registrant-attendee personal information and the ways they handle, manage, and purge that information will have to change.  The currently liberal ways that attendee personal information is shared will also have to change.  GDPR will at least temporarily hinder how attendee data and registration lists are currently used.  The proliferation of technology platforms, mobile apps, etc. that currently use personal data for marketing campaigns and for determining things like Return on Engagement (ROE) and Return on Objectives (ROO) will need to be reviewed and changed to avoid major EU fines for GDPR violations.

Read: 5 questions to ask event tech providers about GDPR

All companies and their event supplier partners should be doing a personal data audit now to discover the multiple areas that will need to be modified to become GDPR compliant and to avoid the potential for massive fines.  Unfortunately, so many companies remain in the dark and in denial about their GDPR complicity requirements.

Follow Kevin Iwamoto on Twitter: @KevinIwamoto

Paul Cook, Writer & Researcher/Creator of Specialised Content Consultancy, Planet Planit

GDPR will have an impact on the events industry as it will on every sector. How big that impact is will depend on how many changes organisations will need to make in the way they look after personal data currently. For those companies that have strict policies in place already it will have less of an effect.

Having said that, marketing under the new regulation is a key area that will impact all businesses. Right now, the business has the power. Next May, the businesses effectively lose that power as it will be the individual that is in control. Consent to receive marketing messages will be a key challenge for a lot of companies and now is the time to sort out the data bases and work on privacy notices.  No longer will companies be able to say we will send your information to interested third parties. They will need to state who those companies are. Consent needs to be recorded and updated on a regular basis.

Does it bring new opportunities? Yes absolutely. One big benefit is that companies will be able to get closer to their clients and prospects. They will need to re-think some of their existing strategies for marketing but for the companies that understand how to make the most of the regulation they will gain trust and a bigger market share. After all, who wants to deal with a company that doesn’t care about whether your identity can be stolen or not?

Follow Paul Cook on Twitter: @planetplanitbiz

George Sirius, CEO, Eventsforce

GDPR is going to change the mindset of event planners when it comes to deciding what data they should collect from attendees, how they use that data for things like marketing campaigns and what they need to do to keep that data safe.  Current practices around getting consent in using this information and sharing it with other parties like event sponsors, for example, will land organisers into big trouble after May 2018.  The regulation is also going to force planners to play a bigger role in securing all the data they collect from attendees, as well as making sure that third party suppliers like agencies and event tech suppliers are also compliant to GDPR.   Again, not doing so can result in big fines.  And that is one of the big things about GDPR.  Compared to current data protection regulations, non-compliance comes with serious financial consequences. People aren’t fully aware of their rights yet, but they will be.  And once they are, the enquiries will start to come.  As will the lawsuits – especially if an event suffers a data breach.

Read: Will GDPR change the rights of your attendees?

But it’s not all bad news. I think GDPR will bring about some big opportunities for our industry too.  Event planners will need to think and act very differently in the way they talk to attendees – and be a lot more honest in the way they manage their information too.  Those organisations that show they’re dealing with personal data in a transparent and secure way and have respect for the privacy of individuals will succeed in building a new level of trust.  And this will be key in deciding which organisations people choose to deal with in the future.

Follow George Sirius on Twitter: @georgesirius

Corbin Ball, Meetings Technology Speaker/Consultant/Writer, Corbin Ball Associates

GDPR is a sweeping set of privacy regulations that will affect any event with European attendees or members regardless of where the event takes place. Non-compliance penalties are stiff so it will be imperative that the planners work with their IT departments and technology providers to ensure that the new regulations are met.

Follow Corbin Ball on Twitter: @corbinball

Are your events ready for GDPR? Get your FREE eBook: ‘The Event Planner’s Guide to GDPR Compliance’, and learn what impact Europe’s new data protection regulation will have on event marketing, data management and event technology – as well as what steps event planners need to take now to get ready for the May 2018 deadline.