"The GDPR doesn't concern us"

GDPR, four small letters with a lot of weight. Currently they're causing bewilderment, curiosity and some sleepless nights at companies all over Europe. Everybody is talking about it, but not many know exactly what the practical application of the GDPR will result in.

GDPR is the biggest change to date in the world of data privacy, and it's no overstatement to say it will affect all EU citizens. Not to mention all companies! Every single person who lives in the European Union will have the right to find out exactly what personal information about them is stored in various registers. All of us have a right to request anonymity, which means that none of the stored personal information can be connected to an individual by any means. Keeping registers and using them for e.g. marketing purposes always requires explicit permission from the subjects in the register. Sounds simple enough?

What about the consequences?

The main gist of the GDPR seems fairly simple at first glance. I know many people who just shrug their shoulders and go "it doesn't concern us, we're not in IT", when asked about their GDPR compliance situation.

I wouldn't be so sure about that.

As you're reading this in a blog about event management tech, let's look at this hypothetical example from the everyday life of an event organiser:

Let's pretend you're about to host a nice get-together for your clients. You keep your guest list in a spreadsheet, like Excel. No need to invest in a costly event data management system, since these things only happen once or twice a year. Then you ask your sales personnel to send you lists of their key accounts and most valuable prospects by email. The spreadsheet is updated and saved on the desktop. You grab your emailing software and send invitations to your guests - RSVP by email. Time to update the spreadsheet again, with lots of new information in the replies... better create a whole new file, as it makes it easier to stay on top of things. And it's nicer to send a neat spreadsheet to the catering company downstairs, so they'll know what to make for the guests who have special diets.

A former client has ended up on the guest list, and he emails you with questions about what registers or mailing lists he's part of. The short answer is: all client data is stored in the CRM system.

The ex-client messages you back, wishing to be made anonymous. You remove him from the updated Excel file. Easy! Why are people so worried about GDPR?

Had this caricature been a real-life situation, you would have had to remove the ex-client's data from all your spreadsheet versions, all mailing lists and all email communication, one at a time. You would have had to track down the catering people and ask them to remove him from any copies and printouts of the spreadsheet they might have produced. And so on. Failing to do so can be expensive, to say the least. A company that gravely fails to comply with the GDPR demands may face fines up to €20 million.

Our example may be laughable, but in fact it represents everyday life for many of us. The General Data Protection Regulation forces us to really think about where we keep our event data and how we handle it. Ideally, an event organiser could be in a situation where all separate bits of software and cloud services form a structure through which event data is managed and coordinated. It is, to this day, very rare to have that kind of infrastructure in place just for events.

Keep these questions in mind when managing guest lists and event registers:

  • Where, and in what format, do you keep your guest registers? (e.g. spreadsheets, cloud, event management software)
  • Do you share participant data externally or internally? How? (e.g. spreadsheets, email, online reports)
  • Does event data get transferred to other systems via system integration?
  • If a participant wishes to remain anonymous or have all their data removed, how many separate places do you have to look? (remember every spreadsheet, mailing list, email conversation, printout...)
  • Do you request explicit permission for data processing, profiling and marketing purposes, when your guests register for an event?
  • Does that permission travel with the personal information to all other systems that are used for data processing?

 

If you're not sure about the GDPR and how your event registers measure up, do not hesitate to contact us! We can take a look at your event management process together and see if there's anything that needs to be done.

Free GDPR compliance assessment by Lyyti

 

Written by Tiina Kilpelänaho on 11-Dec-2017 17:02:15