The upcoming new regulations for data privacy are stirring things up across the world, as the European Union is gearing up for a massive increase in regulations to protect personal and sensitive data for its citizens. The law concerns all personal data (name, email address, photo (…)) or any other information that can be used to identify the person. Among personal data some are sensitive such as religion, sexual orientation, health information, social security numbers, etc.
In particular, the European Union is about to standardise its intra-community data protection regulations, through the General Data Protection Regulation (GDPR) coming into effect on May 25th 2018.
Affecting all global legal entities handling data of EU citizens, GDPR is an attempt to control the data collection excesses within a highly connected world. In more detail, these new regulations constitute the biggest change to data protection in the last two decades, aiming at standardising how every company, association or legal entity uses, treats and markets personal information of any individual living in Europe.
For de-centralised organisation structures as well as or the use of non-standardised technological capabilities, safeguarding compliance and ensuring each digital tool used that stores personal data is managed appropriately become a serious challenge. On the other side of the coin, where organisations have a standardised list of tools which handle contact information, it is crucial to guarantee these tools are GDPR compliant.
What are the key areas of GDPR
Operating in a highly digital era, a growing number of digital systems are used for data handling processes. Therefore, GDPR mainly focuses on the key topics of handling particular sensitive data (e.g. personal, booking, financial and health data) and aims at ensuring:
The importance of Data handling & revision
To ensure compliance, it defines main responsibilities and processes to assure data protection within data processing entities. These entities are either classified as data controllers or data processors. Data controllers are responsible for ensuring the GDPR compliance of the entire process of data collection and handling, whereas data processors need to ensure GDPR compliance only for their own systems and processes.
The impact of GDPR on the events industry
GDPR will affect every communication and business practice, including email, data storage, file transfers, print processes, etc. In addition, the acquisition of leads and the collection of personal information will go through a significantly change. Marketeers, event managers and event sponsors alike will no longer be able to simply get or use personal contact details of clients and prospects, nor will they be able to initiate any type of contact or marketing tactic without consent. Once the the new regulations come into force, more attention will be focused on how organisations acquire information and processes it, in particular for marketing purposes.
It is inevitable that GDPR compliance will have an impact on the way event agencies as well as other entities across the globe operate and process EU consumer data. MCI Group is highly committed to security and on the way towards full compliance with strict data protection regulations.
For more information on GDPR, please contact Anne Lesca, MCI Group Data Protection Officer, at firstname.lastname@example.org.