Understanding GDPR’s impact on event data and helpful security tips

As more event organisers choose virtual venues to reduce the risk of spreading COVID-19, data privacy and compliance with regulations such as the European General Data Protection Regulation (GDPR) are a top priority for any organisation that collects data on individuals from the European Union and European Economic Area.

GDPR is a legal framework enforced by the European Union in 2018 which sets out mandatory rules on how companies can use EU citizens’ data. Any company that collects data from EU citizens is legally obliged to comply with GDPR, no matter where in the world that company is located.

But complying with GDPR is challenging for event organisers who aren’t as familiar with global data privacy laws. Large-scale events such as conferences, summits, exhibitions, product launches, trade and jobs fairs have confirmed their continued existence and allowed a seamless and engaging experience, on par with their physical counterparts.

What organisations need to remember, however, are the implications of collecting a vast array of rich, valuable, and sensitive data from participating attendees and businesses.

Virtual and hybrid events platforms draw data from areas that include the number of logins and a breakdown of new and active users. This data also covers sessions, providing metrics on the number of total unique views, video replays, total unique replays, how many users liked each session, and how many made notes per session.

It records how many registrations each session has, how many chat engagements took place, how many impressions the Q&As delivered, and more. Ultimately, this data enhances the virtual and hybrid event experience for attendees and helps organisers form strategies that drive ROI and reduce the risk of non-compliance.

Failing to handle such data ethically and safely can potentially tarnish an organisation’s reputation, leading to difficulties in attracting new business and repeated transactions from loyal customers.

Additionally, the financial consequences can prove catastrophic. Companies found to be non-compliant can be fined up to GBP20 million (US$20 million) or 4 per cent of annual global turnover (whichever is greater).

To this day, there have been 281,000 data breach notifications, and GBP45.3 million (US$332.16 million) of fines imposed for a wide range of infringements across all European Union member states, with Germany and the Netherlands topping the table, closely followed by the UK.

Across many EU countries and the UK, the money collected from non-compliance fines is brought back to the community and used to fund public services, just like tax revenues.

On top of this, new data protection regulations are coming into effect on a global level, such as the California Consumer Privacy Act (CCPA), Brazil’s Lei Geral de Proteção de Dados (LGPD), and South Africa’s Protection of Personal Information (POPI).

Maintaining compliance with regulations around virtual events is, therefore, a complex undertaking, and there are a few key areas that businesses need to consider.

Here’s a list of GDPR issues that event planners need to be aware of to remain in compliance with the regulations:

Attendee consent

It’s crucial that organisers actively seek consent before collecting any attendee data. The agreement should be easy to access and as simple to understand as possible for attendees.

Event registration

Capturing data in the event registration form helps build a database of all event attendees. Under GDPR, organisers need to respect EU attendees’ right to privacy and be selective about the information the form asks for.

Data sharing

Event planners are obligated to disclose to attendees where their data is being shared and for what purposes. They must also provide access to personal data for any attendee that requests it and fulfil any attendee’s request to transfer it to another data controller.

Data breaches

Cybercrime is an escalating issue, with stories of breaches regularly featured in the news cycle. If event data is breached, the organisers must notify the relevant authorities and affected attendees within 72 hours of becoming aware of it.

Opt-outs

Under the ‘Right to be Forgotten’, event attendees have the power to opt out of marketing activities that use their data and can request that it be wiped from every database. Planners must honour these requests.

Essential GDPR security measures

In the age of GDPR, there are three essential security measures event organisers should consider:

  • Regular security system checks and updates: Checking and applying software updates to security systems as regularly as possible will help to ensure vulnerabilities are mitigated and the chances of a data breach are minimised.
  • Regular audits and certifications: ISO 27001 certification helps ensure that your IT systems are standardised and secure, making compliance much easier to achieve. Storing and processing data requires any business to follow other standards too. Each system you use to work with event data must adhere to these standards and comply with audits.
  • Upgrading security systems: While we’ve already covered the importance of keeping security systems updated, event planners should also consider upgrading to the newest and most technologically advanced security systems when the budget allows. This means you will have access to the latest and greatest protection to help with compliance.

Looking ahead

While virtual events were initially integrated out of necessity due to COVID-19, a long-term online trend has emerged as businesses have recognised its value in a post-pandemic world.

As the events industry adapts to these virtual and hybrid models, potential data regulation hurdles and processes can be eased by following the above considerations and three steps to better security, alongside choosing a platform with high security standards and built-in data collection, analysis, and management capabilities.

While setting a budget and auditing the security process may be time-consuming, the investment is considerably less than the risks to reputation, fines, and non-compliance.

Considering the ubiquity of virtual events now and into the future because of the benefits and convenience that offering a remote option confers, the sooner organisations codify their security standards with event planners, the easier it will be to protect organisations from data breaches and privacy violations.


The post Understanding GDPR’s impact on event data and helpful security tips appeared first on e27.