As 2018 approaches, the European Union's GDPR, or General Data Protection Regulation, is on the minds of event planners not just in Europe, but around the world.
In case you don't know about GDPR, simply put, it is a new set of regulations intended to give the power back into the hands of EU citizens over how their data is processed and used. Under the new regulations, EU citizens will be able to request that businesses delete their personal data, among many other requirements related to consent and privacy. The deadline to comply with these regulations before being subject to a fine is May, 25 2018.
While there are several resources out there that tell you what the regulations are and how to comply, there are also many misconceptions out there that are specific to meeting and event planners that they need to know about heading into the new year. Read on to learn more about these common GDPR myths or take a look at our infographic below.
1. Myth: "I don't have to worry about GDPR, because my business is located outside of Europe."
Fact: The location of your company headquarters, offices or meetings/events is irrelevant when it comes to GDPR. At any time, if you collect an EU citizen's data outside or inside the EU, you are subject to comply. A person's citizenship status isn't always obvious, so it may be a good idea to include citizenship as a required information field in your event registration form.
2. Myth: "GDPR is only for large businesses and organizations."
Fact: Again, the size of your organization or meeting/event doesn't matter. If you're collecting data from an EU citizen, you need to comply with GDPR.
3. Myth: "I only plan internal meetings, so GDPR does not apply to me."
Fact: From the largest conferences and trade shows, to the smallest meetings inside and outside your organization—you guessed it! Every sized meeting involving EU citizens is subject to GDPR.
Recommended Resource: Learn more about the impact of GDPR on the meetings and events industry with our latest eBook GDPR for Meetings and Events: What your event tech provider can do for you.
4. Myth: "I have to delete all information about an EU citizen if asked."
Fact: GDPR mostly relates to personal data (name, title, location, etc.), however data related to certain types of transactions, payments and invoices you cannot delete for audit and tax purposes. What you can and cannot delete needs to be relayed to the person requesting the removal of their data. This is why it's important to go over the consent and disclosure elements of the new regulations.
5. Myth: " We have excellent data security, the GDPR regulator will give us a warning without a fine."
Fact: There's so much more to GDPR than data security. If you're concerned about the specifics, consult with your tech providers, IT department and especially your legal team. Also, you should take the GDPR penalties very seriously; the fine is 4% of your annual global turnover or €20 Million—whichever is greater!
6. Myth: "I don't have to worry about complying with GDPR until May 2018."
Fact: This is perhaps the biggest misconception. While the deadline to comply is several months away, event planners should be taking steps to meet the GDPR today, especially since registration for several 2018 meetings and events is already up and running. Reach out to your event management software provider to learn more about what they're doing to comply and how they can help you navigate through the many GDPR specifics.
Disclaimer: This document is intended to convey general information only, and should only be used as a starting point in your understanding of issues relating to GDPR. This is not intended as legal advice, nor is it meant to convey legal facts or opinions. The contents of this document should not be relied upon in any particular situation, and the information presented here is not guaranteed to be correct, complete or up-to-date. No action should be taken in reliance on the information found here, and Aventri disclaims all liability with respect to any acts or omissions based on the contents of this document. You should consult a licensed attorney or regulatory expert to discuss your specific legal, compliance and GDPR-related issues.