Tag: GDPR

Event Planners – Look After Your Attendee Data or Face the Music

Posted on by Eventsforce

As an event planner, you will know how important the new EU General Data Protection Regulation (GDPR) has been in raising the issue of data security.  In fact, a 2018 industry found that more than 75% of event planners believe that the safekeeping of their attendee data will be a much bigger priority for them because of GDPR.  But why should event professionals start taking responsibility for data security and what are the things they need to do to minimise the risks of breach?

What Event Planners Need to Know About GDPR and Data Security

Remember that GDPR is all about protecting the rights of individuals over organisations. It is an important piece of legislation that ensures that organisations dealing with personal information (and the events industry is no exception here!) are doing so in a transparent and secure way – and always in the individual’s best interests.

We’re already starting to see how GDPR is changing the way companies market themselves. After Facebook’s recent data breach scandal with Cambridge Analytica, the social networking giant has run an extensive advertising campaign promoting its security credentials.  We’ve also seen others like Barclays and the NHS using radio ads and billboards to assure customers that the safety of their personal information is a priority for them as an organisation.  This is only the beginning.

Read: Is the Facebook Data Breach Scandal a Wake-Up Call for the Events Industry?

For meetings and events, there are three important reasons why data security is now more important under GDPR:

  • GDPR makes ‘Privacy by Design’ a legal requirement, which means privacy concerns and the security of attendee data should be a consideration from the offset of all your event planning activities – and not just an afterthought.
  • GDPR requires you to take responsibility on how your third-party data processors (hotels, venues, agencies and event tech suppliers) are also looking after your attendee data.
  • GDPR makes it compulsory to notify authorities within 72 hours of discovering a security breach – it is therefore important for event teams to understand what constitutes a breach and what they should do if data is compromised.

eBook: The Event Planner’s Guide to Data Security in a Post-GDPR World

You may think that the whole issue of data security is something that needs to be dealt with by your IT, legal and operations team.  But the reality is that there are many day to day things that you may be doing as an event planner that could easily put your organisation under serious risk of a breach. Things like sharing system passwords and emailing delegate lists.  Not briefing freelances properly, losing devices and using open Wi-Fi networks.   These are just some examples but there are many more.

A new eBook from Eventsforce titled, ‘The Event Planner’s Guide to Data Security in a Post-GDPR World’ investigates some of these common data security vulnerability areas for meetings and events and offers readers some practical advice on what they can do to look after their attendee data. It also provides some useful information on how to identify a data breach and what steps to take if attendee data does end up getting lost, stolen or compromised.

Event planners can also use the two checklists that are included within the eBook. One is for event team leaders and the other for individual team members, to ensure everyone follows the same processes when it comes to data protection and the safety of attendee data.

The eBook follows the publication of the ‘Event Planner’s Guide to GDPR Compliance’ which looked at the impact of the new legislation on things like event marketing, data management and event technology – along with some practical steps on how planners can prepare for the new GDPR requirements.

Conclusion

If there is one thing that GDPR has achieved it is that the ownership and responsibility for data protection and security now rests on everyone.

The volume of personal information we collect in our industry is staggering. And doing things that minimise the chances of this data getting into the wrong hands will give your attendees confidence that you are on the case and looking after them properly.

Doing this all the time will boost your reputation, generate more confidence and ultimately bring you more business.  After all, why would people want to work with organisations who are doing as little as possible to safeguard their personal information?

But it will, however, require a shift in thinking.  Some of the ways in which event planners operated in the past will need to be changed.  But those who embrace this change will be the ones who stand out.  By making data security a priority around their events, they will be able to show attendees that their organisation can be trusted with their most valuable asset – their personal information.

You can download the ‘Event Planner’s Guide to Data Security in a Post-GDPR World’ here.

Eventsforce offers a comprehensive set of event management solutions, services and expertise that can help with data security and support the event planner’s journey to GDPR readiness. Get in touch by contacting one of our team members at gdpr@eventsforce.com.

 

 

 

 

How Data Integration Can Help Your Events with GDPR Compliance

Posted on by Eventsforce

Integration between your event registration system and other business solutions like your CRM can bring real value to your events. It can help you save time and boost your team’s productivity.  It can improve the way you share critical event information with key people across your organisation. It can also help with GDPR compliance by reducing the risks of a data breach and giving you the control you need to manage things like attendee consent, data deletion and Subject Access Requests (SARs).

Webinar: The Importance of Data Integration in a Post-GDPR World

What is Event Data Integration?

Event planners deal with so many different systems to capture and manage information around their events – from their event management and registration systems to marketing, sales, finance, membership and so on. Having an ecosystem where all these different solutions automatically talk to each other through the use of APIs (Application Programme Interface) is where data integration comes in.

If you haven’t dealt with APIs, then think of it as a piece of software that functions as a door or window.  It’s that mechanism that allows your event management system to share data with your event app.  Or your registration system to share new attendee details with your CRM. Or your event payment transactions with your finance system and so on.

Over the past few years, we’ve seen event planners doing some great things by integrating their data with check-in systems, social media tools and event apps.  However, what we’re seeing more of now is that same concept of data sharing being applied with big back-end business systems. At Eventsforce, we’ve seen a 40% increase in the number of customers working on integration projects over the past year – and we expect this trend to grow significantly as event planners try to improve the way they manage their data in a post-GDPR world.

Why Is Data Integration Important for Event Planners?

The ability to automatically share information between an event management or registration solution like Eventsforce and other business systems like your CRM, marketing, membership and finance can bring you a host of benefits:

Time Savings: Reduce the endless hours you and your team spend manually replicating event data from one system to another

Increased Productivity: Improve productivity by spending less time on admin tasks and focusing your team’s efforts on other aspects of the event.

Data Accuracy: Automatic updates between systems means you’re always relying on the most up-to-date and accurate data – less errors and inconsistencies.

Better Insight: Key people across your organisation have insight to important event data at all times – which helps in making more informed decisions around your events.

Want to learn more about the benefits of data integration? Find out how you can save time, improve data sharing and reduce the risk of a data breach by downloading your copy of ‘The Event Planner’s Guide to Data Integration’ – includes case studies from Schroders, Haymarket, Royal Statistical Society and the Lib Dems.

How Can Data Integration Help with GDPR Compliance?

The EU’s new General Data Protection Regulation (GDPR) is coming into effect on May 25th 2018 and is set to radically change the way events collect, process and protect the personal information of people coming to their events.  What this essentially means is that event planners need to be a lot more aware on what personal data they collect from attendees, where this data is stored, who has access to it, what the data is used for and more importantly – how this data is kept safe.  They need to have a lot more control in the way this information is shared and managed across their own organisation – and this is exactly where data integration can bring real value:

Better data management: Integration between your event management system and CRM, for example, ensures any personal information you collect from registration forms and make changes to is automatically updated in your CRM too (and vice versa).  It will give everyone who has access to both systems insight into what personal information you hold from people coming to events, what consent you have and how their data is being managed and by whom – all of which are critical to GDPR compliance.

Read: How GDPR Will Change the Rights of Your Attendees

Improved data security: It’s important to remember that one of the key things that could get organisations into a lot of trouble under GDPR is a data breach.  Integration between your event management solution and other business systems will greatly improve the security of your event data by eliminating security risks associated with email communications, sending unsecure spreadsheets, manual transfers and having printed documents lying around.

Read: The Event Planner’s Guide to Data Security in a Post-GDPR World

To illustrate this in more detail, let’s take a look at a couple of examples:

Example 1: Integration Between Event Management System and CRM

Most organisations have some type of CRM system like Salesforce that manages all their data on their customers and contacts. Integrating your event management system with your CRM ensures the quick, accurate and seamless flow of data between the two systems where updates in one system are automatically reflected in the other.

  • When an attendee makes a change to their profile in your registration system or decides to withdraws marketing consent, the change is automatically updated in your CRM. This ensures your marketing department doesn’t continue sending them emails just because you forgot to inform them of the change.
  • New registrations can automatically be created as leads in your CRM if an attendee has given the right kind of consent – your marketing and sales team are always up to date on how this data can be used.
  • If an attendee asks you to delete all the personal information you hold on them, then any changes in the event system will also be reflected in the CRM (or vice-versa).
  • Data integration between the two system also reduces the risk of a data breach by eliminating the need for exporting registration data to an excel sheet and manually uploading attendee information into your CRM.

Example 2: Integration Between Event Management System and Membership

Most membership organisations, such as associations, use some form of membership system which helps them capture and manage all the data around their members. Integration between your event registration and membership systems means that any changes to records in one system is automatically updated in the other.

  • When a member makes a change to their profile in your registration system or withdraws consent in how you can use their information, the change is also automatically updated in your membership system (and vice versa).
  • Similarly, any renewals or new membership sign-ups are automatically recognised and updated in your registration system. If a non-member attendee becomes a member – then this could potentially change the legal basis for processing their personal information and the events marketing team need to be aware.
  • Membership teams can have real-time insight into the event attendance history of each member – also helps in managing Continual Professional Development (CPD) processes a lot more effectively.
  • If a member asks the membership team to delete their personal information or wants to know what information you hold on them, then all the relevant event-related information is already in your membership system. You also don’t need to export registration data to an excel sheet and manually upload attendee information into your membership data – less chance of data getting into the wrong hands!

Top Considerations for Successful Event Data Integration

If you feel that dealing with APIs and integration models may be somewhat technically challenging – don’t be discouraged.  Yes, your IT guys may be the ones who have to implement the technical aspects of an integration project. However, data integration is a business issue, not a technical one – with business objectives and consequences (like GDPR compliance) that can directly impact your events.

Whatever data integration project you decide to go with, you need to make sure it works for you and your events.  We would recommend you follow these guidelines that identify some of the most common challenges of data integration and outlines the key steps event planners specifically need to take to make sure their integration projects are a success. It includes things like getting all your stakeholders involved, thinking carefully about how you’d like to share event data between different systems, setting time and budgets, testing and so on.  Thinking about all these points will ensure that the whole process will be smoother and a lot more flexible for any changes you want to make in the future.

Conclusion

If you’re not sure where to start, then talk to your event tech provider. Ask them how they can support you on an integration project and how it can help in meeting GDPR requirements.  While many of them provide APIs for their software, many like Eventsforce also have established partnerships and API integration capabilities with tried and tested software solutions. This is helpful as you’ll be able to get things up and running without investing the time and money into any coding work that allows data to be shared between two systems. And if these API relationships don’t exist, it’s not a big deal. Just make sure they understand what it is you want to achieve and that they’re able to support you with the necessary recommendations and workflows that will make your integration projects a success.

Eventsforce offers a comprehensive set of event management solutions, services and expertise that can help support the event planner’s journey to GDPR compliance – from audit trails and consent management to anonymisation of personal information and data security.

For more info, please click here or get in touch: gdpr@eventsforce.com

For more information about Eventsforce and its data integration services, please click here.

 

 

 

Is Facebook Data Breach a Wake-Up Call for Events Industry?

Posted on by Eventsforce

The Facebook data scandal that’s unravelled this week is an important reminder to everyone in the events industry as to why GDPR is happening. The incident has shaken up people’s trust in the way organisations manage their personal information and highlighted the need for more tighter regulations around data protection.

Event planners should use this opportunity to learn from the mistakes made by both Facebook and Cambridge Analytica and think very carefully about how they’re going to look after the personal information of attendees in a post-GDPR world.

Download eBook: The Event Planner’s Guide to GDPR Compliance 

Why is Facebook in Trouble?

In 2014, Facebook invited users to find out their personality type via a quiz developed by a Cambridge University researcher. About 270,000 users’ data was collected, but the app also collected some public data from users’ friends. Facebook has since changed the amount of data developers can gather in this way, but a whistle-blower says the data of about 50 million people was harvested for political consultancy firm, Cambridge Analytica. He claims the firm used the data to psychologically profile people and influence voters on behalf of clients – including Donald Trump’s presidential campaign. Facebook says users’ data was obtained legitimately but Cambridge Analytica failed to delete it when told to do so. Meanwhile, Cambridge Analytica denies any wrongdoing – saying it did delete the data when told to by Facebook.

The repercussions of this incident so far?  Facebook has lost around $50 billion in its market value over two days and we’re now seeing the #DeleteFacebook campaign which is rapidly sweeping across the Internet, as people leave the site in protest again its use of data harvesting and manipulation. Advertisers are also now telling Facebook ‘enough is enough’ with news on the BBC emerging that the ISBA, a trade body which represents major UK advertisers, will meet Facebook this week saying if the company fails to provide assurances about the security of users’ data, advertisers may spend money elsewhere.

How is it Related to GDPR?

According to Reuters, privacy experts have said the data breach is a prime example of the kind of practices that GDPR is supposed to prevent or punish: “Had the Cambridge Analytica incident happened after GDPR becomes law on May 25, it would cost Facebook 4% of their global revenue,” said Austrian privacy campaigner and Facebook critic Max Schrems. Because a UK company was involved and because at least some of the people whose data was misused were almost certainly European, GDPR would have applied.

The maximum GDPR fine would come into play in an incident like this because of the number of users affected and what appears to have been inadequate monitoring of third-party data practices: “The fact of the matter is that Facebook lost control of the data and wasn’t adequately monitoring what third-parties were doing,” said Scott Vernick, partner and expert in privacy and data security at law firm, Fox Rothschild.

The article goes further to say that the firestorm has prompted a furious response from lawmakers on both sides of the Atlantic, raising the prospect of expanding GDPR’s approach to privacy protection regulations to other countries. Again, a warning for organisations of what may lay ahead once the new legislation comes into force.

Facebook founder, Mark Zuckerberg, has admitted that the social network ‘made mistakes’, apologising for the incident and admitting that a huge ‘breach of trust’ has occurred – but needless to say, damage is done.  People have lost confidence in Facebook and the way it manages their personal information.  And this is key when you look at why GDPR is happening in the first place.

GDPR is all about the protecting the rights of individuals over organisations.  And it’s happening because current legislations no longer meet the privacy needs of the connected world we live in today. We’re giving away our personal information freely to organisations without much thought into how they’re using it and how they’re keeping it safe from both theft and manipulation.  And this is exactly what GDPR wants to address: that organisations dealing with personal data (the events industry is no exception here) are doing so in a transparent and secure way – and always in the individuals best interests.

Ironically, Zuckerberg’s response to the incident reiterates the same thing: “We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you.”

The Importance of Data Security in Events

GDPR will certainly change attitudes to individual rights when it comes to data protection – especially in events. It will also change the mindset of event planners when it comes to deciding what data they should collect from attendees, how they use that data for things like marketing campaigns and personalisation, and what they need to do to keep that data safe.

Did you know that a data breach is essentially what can get your events into a lot of trouble under GDPR? Find out what you should do to prevent your attendee data from getting lost, stolen or compromised by getting your copy of ‘The Event Planner’s Guide to Data Security in a Post-GDPR World‘.

In fact, the issue of data security in a post-GDPR world is hugely important for the events industry.  A survey by Eventsforce last month assessing the GDPR readiness of more than 120 event professionals found that 81% believe data security will be a bigger priority for their events after the May 2018 deadline. And yet surprisingly, only 30% have taken steps to update their data security practices or prepare for a data breach (both of which are key to compliance requirements).

Data security is also an important issue when assessing the GDPR readiness of technology providers that process personal data on behalf of events (ex. registration systems, mobile apps, surveys, networking tools). The survey, however, found that only 41% of event planners were confident that their systems met the new requirements.

As an event professional, you may think that the whole issue of data security is something that needs to be dealt with by your IT, legal and operations teams – but the reality is that there are many things event planners do today that can put their organisations at a serious risk of a data breach and non-compliance to the new GDPR requirements:

  • Emailing unsecure spreadsheets that contain personal attendee data
  • Not paying attention to the data freelancers and temp staff have access to
  • Leaving printed registration lists unattended on-site
  • Not reporting theft or loss of laptops and devices that contain personal information
  • Not changing system passwords often enough/sharing passwords with others

It is therefore more important than ever for event planners to understand what they should and shouldn’t do when it comes to collecting, processing and securing the personal information of attendees under GDPR.

What Should Event Planners Do?

Most event planners will follow their organisation’s own set of data security and protection policies when it comes to storing and sharing event data – from communication procedures to firewalls, encryption and anti-virus software.  However, it is important to take some additional steps that will help your events meet GDPR requirements and minimise the chances of data getting into the wrong hands:

1) Keep Your Data Safe

GDPR makes ‘Privacy by Design’ a legal requirement, which put simply means that privacy concerns should be a consideration from the offset in any event planning campaign – and not simply an afterthought. Data protection and processing safeguards must become part of the DNA of all the systems and processes you have in place. This will be a major shift in thinking for event planners and something they need to think about now, not later.

You need to think about risk factors and see how you can minimise them. For example, find out who has access to your event data, whether they need to have that access and what happens to that access when the event is over? You should also assess the kind of personal information you’re collecting in registration forms, apps and surveys around your events.  Do you need to ask your attendees all the demographic information you currently do? If you’re never going to use their phone numbers, then don’t ask the question. If you only need to verify they’re over 18, don’t ask for birth dates or passport details.  Don’t forget, the more personal data you hold, the higher your chances of risk.

Read: Infographic – How to Keep Your Event Data Safe

2) Assess Security Practices of Suppliers

Just like Facebook should have taken more adequate measures in monitoring what third-parties were doing with users’ personal data – event planners should look into how their event data is being managed by all the third-party suppliers they deal with around their events (tech vendors, staffing agencies, hotels, venues, event management agencies etc). Why? Because if in the course of an investigation, the authorities find that these parties have not been compliant, then the host organisation may also be liable too (even if they themselves were compliant).

Find out how suppliers like your registration software vendor are managing the data they’re processing on your behalf.  How are they using the personal information of people coming to your events, who has access to this data and where are they based?  How important is data security for them and do they follow best practices?  How long do they keep your data for and what procedures do they have in place to delete this data when you ask them to? What about their own suppliers and contractors who also have access to their data?  You need to ensure they can clearly explain what contractual and legal safeguards they have in place to look after your data at all times. Having the answers to these questions will protect you from any unpleasant surprises in the future.

Read: 5 questions to ask your event tech providers about GDPR compliance

3) Prepare for a Data Breach

Failing to report a data breach within 72 hours can result in crippling fines under GDPR – so ensuring that everyone on your events team has a good understanding of what constitutes a data breach (ex. Loss of iPad containing registration lists) and how to follow best practices is key to compliance. You also need to think about what processes you need to put in place once a breach has been identified, including how to report it within the three-day timeframe.

Conclusion

GDPR clearly presents some new challenges for event planners, but it also brings some big opportunities too. By focusing on the rights of individuals over organisations, the new regulation will help events become a lot more responsible in the way they manage the personal information of people coming to their events. Those that can show they’re dealing with personal information in a transparent and secure way and have respect for the privacy of individuals will succeed in building new levels of trust.  And given what we’ve seen this week, this will be key in deciding which organisations people choose to deal with in the future.

Eventsforce offers a comprehensive set of event management solutions, services and expertise that can help with data security and support the event planner’s journey to GDPR readiness. Get in touch by contacting one of our team members at gdpr@eventsforce.com.

 

Infographic: Are Your Events Ready for GDPR

Posted on by Eventsforce

The General Data Protection Regulation (GDPR) is one of the most important changes facing our industry today as it is set to radically change the way events globally collect, process and protect the personal information of people in the EU.  But with just a few months to go until the May 2018 deadline, how ready are we really for Europe’s new data protection law?

Read: The Event Planner’s Guide to GDPR Compliance

Eventsforce conducted a research study with 120 event professionals earlier this month to assess the industry’s current state of ‘readiness’ for GDPR.  The study investigates where event planners stand in terms of their understanding of the new legislation, what steps they’re taking to get ready for the new requirements and the kind of challenges and opportunities they feel GDPR will bring to their organisations in the long-run.

Have a look at some of the key findings from the ‘Are Your Events Ready for GDPR’ study:

  • 2 in 3 event planners don’t understand all the requirements of GDPR despite 60% holding responsibility for compliance
  • Nearly 90% are already underway with their GDPR preparations but many concerned about meeting the May 2018 deadline
  • Creating awareness, running data audits and updating consent boxes on registration forms and websites are key steps event planners are currently undertaking
  • Data security will become a bigger priority for 81% of event planners, yet less than 30% have updated their data security practices or prepared for a data breach (Download eBook: The Event Planner’s Guide to Data Security in a Post-GDPR World‘)
  • Only 41% of event planners say their event technology systems meet the new GDPR requirements
  • 45% are concerned they will lose a large chunk of their marketing mailing lists as a result of GDPR
  • Perceived long-term benefits of GDPR include better data management, transparency with suppliers and improved reputation with attendees

For a more comprehensive look at the results of the ‘Are Your Event Ready for GDPR’ research study, please see the infographic below:

Enjoyed reading this article?  Sign up to our EventTech Talk newsletter for similar insights and weekly updates and advice on the latest technology trends, discussions and debates shaping the events industry today.

Industry Insight: The Impact of GDPR on Meetings & Events

Posted on by Eventsforce

If you’re an event planner or marketer and not up on the General Data Protection Regulation (GDPR) – a new, stricter EU data privacy law that comes into effect on May 25th 2018, the time to pay attention is now. George Sirius, CEO of Eventsforce, explains in an interview with MeetingsNet magazine, why GDPR is one of the most important changes facing the events industry today.

Why is GDPR an issue for meetings and events? What type of events will it effect?

GDPR is important because it will completely change the way events and meeting planners collect, process and protect the personal information of attendees coming from the Europe.  It will apply to ANY event holding data on EU citizens and residents – regardless of their location.  It is a major global issue and one that is vital for organisers to understand and prepare for as ignoring it could lead to some very serious financial consequences.

What impact will it have on events? The new regulation is going to change the way meeting planners decide what data needs to be collected from attendees in things like registration forms and apps and how that data is going to be used for marketing and personalisation. It will change the way attendee data is shared with other third-party organisations like venues, sponsors, agencies and tech providers.

The regulation will also force planners to play a much bigger role in securing all the data they collect from attendees, as well as making sure that any organisation dealing with their event data is also complying to the new regulations. Not doing so can result in big fines – and this is one of the most important things about GDPR.  Compared to current data protection regulations, non-compliance comes with serious financial consequences so event planners need to be prepared.

Get your copy of ‘The Event Planner’s Guide to GDPR Compliance’, and learn what impact Europe’s new data protection regulation will have on event marketing, data management and event technology – as well as what steps event planners need to take now to get ready for the May 2018 deadline.

Why do meeting planners need to pay attention to GDPR? Isn’t this an IT or legal problem?

It’s easy to look at GDPR compliance as a technology initiative and not a business one.  But the reality is that even though it may be the responsibility of the IT and legal teams to sort it all out, there are a number of things that event planners do today that can put their organisations under serious financial risk with GDPR.  Things like using pre-ticked consent boxes in registration forms and apps and not having the proper processes in place to store attendee consent. Or sharing delegate lists freely with venues, speakers and other attendees. Or not paying enough attention to the information freelancers and temp staff have access to. Emailing unsecure spreadsheets and leaving unattended registration lists around. The list can go on and on.

It is therefore really important that event planners understand exactly what they should and shouldn’t do under GDPR – so that they can then figure out what changes they need to make around collecting and managing the personal information of people that come to their events.

Did you know that more than 81% of event planners think that data security is a much bigger priority for them because of GDPR? Find out what you should do to prevent your attendee data from getting lost, stolen or compromised by getting your copy of ‘The Event Planner’s Guide to Data Security in a Post-GDPR World‘.

How does it affect event technology providers?  What should planners be talking with their event tech suppliers about when it comes to GDPR?

GDPR regulations require compliance both by the organisation hosting the event and the event tech companies that process data on their behalf (registration systems, mobile apps, surveys, networking tools etc).  It is therefore important that event planners make sure that all their tech vendors and suppliers are also fulfilling their legal responsibilities.  Why?  Because if in the course of an investigation, the authorities find that these parties have not been compliant, then the host organisation may also be liable too (even if they themselves were compliant).

So organisers need to start asking their event tech providers from now how they’re planning to fulfil their obligations around their events and GDPR – especially if their data centres are based outside the EU.  They need to find out where their data is hosted and how that data is being transferred in a way that is compliant to the new regulations.  They need to find out how the data is being used by the organisation, who has access to it and where they’re based.    For example, if their customer support team is based outside the EU (even if data is hosted within the EU), then they’ll still need to ensure that they’re complying with GDPR standards.

In the case of registration systems, the meetings organisation needs to find out how their provider allows them to obtain and store consent, as well how it can help them delete any personal data.    And they need to ask them how they themselves as an organisation are complying with GDPR.  Having an EU-based tech provider will ensure they’re also subject to the new regulations, which will limit the risk of non-compliance.  But that’s not enough.  What is their understanding of GDPR and how are they planning to help you their clients meet their obligations?  How important is data security for them and do they follow best practices?  What about their own suppliers and contractors who also have access to their data?  Having the answers to these questions will protect event organisers from any unpleasant surprises in the future.

Read:  5 Questions to Ask Your Event Tech Suppliers About GDPR

What aspects of GDPR are most important for meeting professionals to pay attention to?

There is no single aspect of GDPR that is less important than others – if an organisation is found to be non-compliant, then they will still be fined up to 20 million or 4% of their global turnover for each instance of non-compliance.  However, as we mentioned earlier, the key concerns for event planners in particular are the issues of consent, data security and ensuring that third-parties that process event data on their behalf are also meeting their legal obligations.

I think it’s important to highlight the issue of data security because a data breach is essentially what can get an organisation into a lot of trouble if it’s not complying with GDPR. Event organisers need to show they’re doing their best to protect the personal information of individuals to minimise the chances of it getting into the wrong hands.   Failing to report a data breach with 72 hours can result in crippling fines under GDPR – so ensuring that everyone in the events team has a good understanding of what constitutes a data breach and how to follow best practices is key to compliance.  It’s also important to think about what processes need to be put in place once a breach has been identified, including how to report it within a three-day timeframe.

Read: Look after your attendee data….or face the music!

What are likely to be the biggest challenges in preparing for GDPR? Are there any benefits that will result from doing the preparatory work, aside from avoiding penalties?

The biggest challenge for event planners will be around figuring out what personal data they hold on attendees/speakers/sponsors etc, where it came from and whether or not they have the adequate consent – remember that pre-ticked boxes and soft opt-ins will no longer count.  They need to know which systems this data is stored in, when it was last used and what it was used for.  They need to know how accurate the information is, what kind of processors they have in place to keep that data safe and whether or not it’s been shared with other suppliers and partners.  If it has, then they need to ensure that these parties also have the consent and that they are doing everything they can to comply to GDPR regulations and keep that data safe.

Running a data audit of this scale is a BIG job and unfortunately, there is no way round it.  If you find out you have inaccurate information on one of your delegates, for example, and you have shared this information with hotels and venues, then you will need to inform them about the inaccuracy and get them to correct their own records.  Or destroy the data if you never had the right consent in the first place.  You will not be able to do any of this unless you know what personal data you hold, where it came from, where it is stored and who you shared it with.

Read: 7 Steps to Get Your Events Ready for GDPR

It will be a challenging time ahead but it’s important to note that GDPR will also bring about some big opportunities for our industry too. Those that can show they’re dealing with personal data in a transparent and secure way and have respect for the privacy of individuals will succeed in building a new level of trust.  And this will be key in deciding which organisations people choose to deal with in the future.

Do you have any tips on how to make the preparation process as painless as possible?

Some organisations will be required to formally designate a Data Protection Officer (DPO), who will take responsibility for data protection compliance.  However, regardless of whether you need one or not (or compliance is something managed by IT and legal departments), it will really help the process if you have one person in the events team take ownership of GDPR and be the focal point for all things events and compliance.  That way you can keep a tighter control on making sure all the necessary steps are being taken to prepare for compliance and that the events team aren’t doing anything that puts their organisations at risk.

The full interview can be read as part of the new ‘Meeting Planner’s Guide to GDPR’ published by MeetingsNet this month.

Enjoyed reading this article?  Sign up to our EventTech Talk newsletter for similar insights and weekly updates and advice on the latest technology trends, discussions and debates shaping the events industry today.

7 Steps to Get Your Events Ready for GDPR

Posted on by Eventsforce

The  EU General Data Protection Regulation (GDPR) is probably one of the most important changes facing our industry today but compliance is seen by many as a complex, challenging and costly process.  Find out how what event planners can do to get their events ready!

How will GDPR impact Meetings & Events?

GDPR is a new legal framework that is set to radically change the way we collect, process and protect the personal data of people in the European Union. We published an article on the topic a few months ago (Blog: What Event Planners Need to Know About GDPR), looking at what the new requirements meant for our industry, the implications of BREXIT and how non-compliance, compared to current data protection regulations, can bring serious financial consequences to organisations worldwide.

For event planners, specifically, there are three main reasons why GDPR matters:

  1. GDPR will apply to ANY organisation hosting events in the EU and ANY organisation collecting data on EU citizens and residents – regardless of where the events take place.
  2. Events deal with high volumes of personal data collected through registration forms, mobile apps, surveys and networking tools. It is inevitable that planners need to know what they can and can’t do under GDPR.
  3. GDPR requires event planners (and event management agencies) to play a bigger role in securing their event data and ensuring that third party suppliers (ex. event tech suppliers) are also GDPR compliant. Not doing so can result in big fines and lost business.

    Are your events ready for GDPR? Get your FREE eBook: ‘The Event Planner’s Guide to GDPR Compliance’, and learn what impact Europe’s new data protection regulation will have on event marketing, data management and event technology – as well as what steps event planners need to take to comply to the new requirements.

How Event Planners Can Prepare for GDPR

It’s easy to look at GDPR compliance as a technology initiative and not a business one.  But the reality is that even though it may be the responsibility of your IT and legal teams to sort it all out, there are a number of things that event planners need to do to make sure they don’t put their organisations at risk.

This checklist highlights the key steps to take to prepare your events for GDPR, based on advice published by the UK Information Commissioner’s Office (ICO):

1) Create Awareness

One of the first things you need to do is make sure that everyone in the events team (as well as other departments that deal with your event data) are aware that the law is changing to GDPR. They need to understand the changes you’re going to make around collecting, storing and managing the personal information of people coming to your events. They need to understand what they need to do to keep that data safe. And most importantly, they need to understand the risks of non-compliance (fines up to €20 million or 4% of your global annual turnover) and identify the areas that could cause problems under GDPR.

2) Run a Data Audit

You need to figure out what personal data you already hold in the databases you use around your events – starting from attendee mailing lists, speakers, sponsors and so on. You need to know exactly where that data came from and whether or not you have the adequate consent from these individuals to contact them (pre-ticked boxes and soft opt-ins no longer count with GDPR). You need to identify what systems that data is stored in, when it was last used and what it was used for. You need to know if that information was shared with other suppliers and partners (event management agencies, event technology providers).  And if it was, then check that you have the adequate consent for doing so and that these third-party organisations are also complying to GDPR.

It is a BIG job.  And the bad news is there’s no way round it. Say you find out you’ve shared delegate lists with sponsors and venues without the proper consent, then you need to destroy that data and make sure they do too.  You will not be able to make these kinds of decisions unless you know what personal data you hold, where it came from, where it is stored and who you shared it with.

Read: 5 Questions to Ask Event Tech Providers About GDPR Compliance

3) Update Your Consent Boxes

Have a look at your current privacy notices and consent boxes in things like registration forms, apps and websites and put a plan in place for making any necessary changes in time for the GDPR deadline – including what campaigns you’re going to run to get people to opt-in again.  Don’t forget if you don’t have the correct type of ‘active’ consent from someone then legally, you will no longer be allowed to contact them come May 2018.  So you need to find a way of getting people to re-opt-in if you want to keep them on your mailing lists.

Under current law, you need to give people only a certain level of information on how you’ll be using their data whenever you ask for consent.   With GDPR, you need to explain very clearly why you are collecting their information, how it will be used and ideally, how long you’ll keep their data for.  If you’re sharing their details with sponsors and exhibitors, then you need to name those organisations – general terms like ‘sponsors’ or ‘venues’ won’t do.  The language you use needs to be clear and concise and easy to understand.

4) Get to Know Your Attendee’s Rights

Don’t forget that GDPR is all about giving individuals more control over the use of their personal information.  Check your processes and make sure they cover all the new rights people will have under GDPR (Blog: How GDPR Changes the Rights of Attendees).  What would you do if an attendee asked you to delete all the personal information you hold on them?  The new regulations state you’ll need to respond to requests within 30 days at no charge. Would your event management system help you locate and delete the data in time? What about the same data that’s been recorded into your CRM?  What kind of hidden costs are there in doing this?  What happens if you need to deal with multiple requests at the same time? It is important that you get answers to these questions now to assess whether or not you need to make any changes to your processes.

5) Prepare for a Data Breach

This is really key because it is essentially what can get your organisation into a lot of trouble if it’s not complying with GDPR.   You should make sure you have the right procedures in place to detect and report the loss or theft of an individual’s data (think printed delegate lists). GDPR requires all organisations to report data breaches to the ICO or other such authority, if its’s likely to result in a risk to the rights and freedom of individuals (identify theft, financial loss, discrimination, damage to reputation etc).  If the risk is high for any of these things happening, then you’ll have to notify the affected individuals too.  Failure to report a breach within 72 hours could result in massive fines, as well as a fine for the breach itself.

6) Keep Your Event Data Safe

GDPR definitely puts security more front of mind when it comes to your event data. You’ll need to show that you’re doing your best to protect the personal information of individuals to minimise the chances of it getting into the wrong hands. Yes, you’ll need to follow your organisation’s own data security policies – from communications procedures and firewalls to the use of encryption and anti-virus software. But while your IT department will focus on typical external threats, there are risks that comes from within.

Did you know that a data breach is essentially what can get your events into a lot of trouble under GDPR? Find out what you should do to prevent your attendee data from getting lost, stolen or compromised by getting your copy of ‘The Event Planner’s Guide to Data Security in a Post-GDPR World‘.

Find out who has access to your event data – both within your own organisation and the third-party suppliers that process data on your behalf (event tech vendors, event management agencies etc).  Have a look at their data security policies. Think about system passwords and how often you change them. Think about how you share your event data with others and what procedures you have in place to keep data safe on-site at your event. Ensuring everyone on your team has a good understanding of what constitutes a data breach and how to follow best practices will be key to compliance.

Read: Infographic –  How to Keep Your Event Data Safe

7) Appoint a Designated GDPR Team Member

Some organisations will be required to formally designate a Data Protection Officer (DPO) to take responsibility for data protection and GDPR compliance.  However, regardless of whether your organisation needs one or not (or whether compliance is something that will be managed by your IT and legal departments), it is important to have one person from the events team to take ownership of GDPR now and be the focal point of all things events and compliance.

Conclusion

GDPR compliance is not a simple matter and this is by no means a comprehensive list of everything you need to do to get your events ready for the May 2018 deadline – but it’s a good start.  The ICO still needs to clarify a lot of the requirements and everyone agrees that preparations for the new regulations will be a complex, challenging and costly process.  But those who take action now will be in the best position to succeed in the future.

Start planning for GDPR now by thinking about how your events are collecting data on EU citizens, how you’re storing consent and how you’re incorporating data security into your event planning and management processes.  Find out as well what your event tech providers and third-party agencies are also doing to comply with GDPR. Finally, remember that implementing changes will be a team effort where everyone is aware of the new requirements, along with the new processes that you’ll need to put in place.

Need help tracking and managing consent on event websites and registration forms?  Eventsforce offers a comprehensive set of event management solutions, services and expertise that can help support the event planner’s journey to GDPR compliance – from audit trails and consent management to anonymisation of personal information and data security.

For more info, please click here or get in touch: gdpr@eventsforce.com

4 Technology Trends from Experts at Europe’s Largest Event Tech Show

Posted on by Eventsforce

The annual Event Tech Live show took place in London this month, and once again, it didn’t disappoint.   As Europe’s only dedicated exhibition and conference for event professionals interested in event technology, it attracts more than 1,600 attendees and 100-plus exhibitors from the event tech industry.  The show had a generous display of new technology innovations and solutions, including a launchpad pitch competition which gave a good insight on what’s coming next. More interestingly, the conference brought together a number of experts from technology vendors to event organisers to discuss and debate the latest technology trends and issues shaping our industry today.

From GDPR, personalisation and the future of event apps to the emergence of new applications like chatbots and facial recognition technology – have a look at our top takeaways from Europe’s largest event tech show:

In case you missed it…GDPR is coming!

If there was one topic that kept popping up time and time again across most of the sessions at the show, it was the EU General Data Protection Regulation (GDPR) and the impact it will have on the events industry. And yet surprisingly, an audience poll conducted by a panel of experts from Glisser, SpotMe and Krowdthink revealed that MOST event planners had actually very little understanding about the new regulation – which is quite alarming, given the implications.

GDPR is coming into effect in May 2018 and will apply to ANY event collecting and processing the personal information of European attendees – regardless of location. For event planners, the new regulation presents a change in the way they decide what data needs to be collected from attendees and how that data is used for things like marketing campaigns.  It will change the way attendee data is shared with other third-party organisations like venues, sponsors and tech providers. It will also change attitudes to data security and what measures need to be in place to keep attendee data safe. And let’s not forget about the fines.  Compared to current data protection regulations, non-compliance to GDPR can lead to some very serious financial consequences – and lawsuits.

But it’s not all bad news. GDPR will bring about some big opportunities for our industry too.  In fact, one of the main take-aways from the panel was that GDPR is a big chance for event planners to advance their careers. How? By taking ownership of GDPR.  By ensuring that events are dealing with personal data in a transparent and secure way – and always in the individual’s best interest.  And by getting their event tech ready too. If you’re interested in finding out more, have a look at this free eBook ‘The Event Planner’s Guide to GDPR Compliance’ which explains why the events industry has to start taking responsibility for GDPR, its impact on event marketing, data management and event technology and what steps event planners need to take now to get ready for the May 2018 deadline.

Related Article: 5 Questions You Need to Ask Event Tech Providers About GDPR

Event Apps Vs. Chatbots

The popularity around event apps has evolved so much over the last few years – most people attending any kind of event expect an app and it seems most event planners want one too.  But are apps starting to get a bad reputation?  How effective are they really in engaging audiences? And will other emerging technologies like NFC and chatbots replace the need for event apps all together?  These questions were addressed in a very interesting discussion by panellists from Sciensio, Beeem, NoodleLive and CrowdComms exploring the future of event apps.

In the always-connected world of smartphones, social media and information-on-demand, it seems that the attention span of our attendees is getting shorter and shorter.   And this is something that event planners need to address if they want their attendees to interact more with their apps. People don’t want to waste their time browsing through irrelevant content on an app just to find out the location of their next session.  They want the technology to add value to their event experience and they want the interaction with the technology as easy as possible.  And this is where chatbots come in.  They don’t require attendees to download anything.  They apply easy text-based messaging t technology that most people are comfortable in using and more importantly, they provide that instant personalised information service that attendees are looking for at an event. Though we firmly believe that native apps still have a firm place in the events industry – perhaps we will start seeing more people move towards what chatbots can offer over the coming few years.

All the panellists agreed that pushing more personalised content on people’s smartphones will be a key trend over the coming years. Websites can already send personal push notifications on people’s phones through Google Chrome (coming soon on Safari).  Google is also driving a big push towards progressive web apps – which basically allows you to run apps on a web browser. The technology will bridge the gap between apps and websites by offering the functionality of both, with more offline capabilities, improved speed and better performance.  Watch this space.

How Important is Event Personalisation?

Personalisation was another hot topic at the event and we can understand why. More and more attendees are starting to expect both the communication of an event and the live experience to be tailored to them in some way.  At the same time, the abundant use of sophisticated data capture tools – from registration systems and apps to surveys, social media, networking and on-site tracking solutions – are helping event planners collect and analyse valuable attendee information to create more powerful and customised event experiences.   But as good as it all sounds, is it something we should all do?  And how do we decide how much personalisation we should actually do?

This was the basis of one panel discussion between Eventsforce, Haymarket Media and the British Council which unveiled the results of a new research study on event personalisation.  It seems that despite it being a growing priority for 73% of event planners, more than 50% struggle to see how effective their personalisation efforts are in engaging attendees and building brand loyalty.  The study also revealed that more than half don’t end up using all the data they collect for personalisation and another 44% find it difficult to determine how much personalisation they should actually do.

So what was the advice?   Decide what data you’re going to collect, why you’re collecting it and agree across your organisation on how it’s going to be used before collecting it for the purpose of personalisation. Don’t ask your attendees any unnecessary questions as this will have a negative effect on their event experience.  And finally, explain clearly how the information they provide will bring value to their experience and that you’re looking after their data and privacy – especially with the upcoming GDPR. Click here to watch the full session.

Event Technology – What’s Next in Innovation?

This year’s show also saw the return of the Launchpad, a dedicated area for start-ups and providers of new event technology solutions – except this year, they also ran a pitch competition where providers had to battle it out in front of a panel of judges.   There were some very interesting applications of event tech, all designed to save time and enhance the attendee’s event experience in one way or another.  The winner was a web-based solution from Zenus which uses facial recognition technology to cut waiting lines and speed up the check-in process of attendees at events. When an attendee approaches a kiosk, their profile will pop up and a scanner can print their badges on the spot. Alternatively, you can place a tablet facing the line of people and attendees will be automatically checked-in as they walk.

Another noteworthy winner was Sciensio’s Concierge Eventbot solution which offers attendees an alternative to apps through a range of text messaging services, including agendas, directions, floor plans, surveys, polls and more.  We also saw a great staffing solution from Liveforce which promises to scrap the need for Excel spreadsheets when recruiting, scheduling, booking and paying temporary staff around events.  Worth checking out.

You can watch all the pitch presentations of the ETL2017 Launchpad competition here.

Want to be a tech-savvy event planner?  Sign up to the weekly EventTech Talk newsletter here and get advice and updates on the latest technology trends and discussions shaping the events industry today.