The GDPR strengthens and guides the protection of personal data collected and processed by companies. This concerns events as well, for at least 4 reasons...
The European GDPR (General Data Protection Regulation) has been in full force since 25 May 2018. It obliges every private company and public authority to strengthen the protection of their customers’/users’/employees’ personal data, improve the overall transparency of how this data is processed and declare what it is being processed for. VO has of course anticipated the enforcement of this regulation. For several months, the agency has been engaged in a process of conformity that is essential for at least these 4 reasons.
No event without data
In the course of its event activity, VO processes a mass of attendee personal data. One of the regulatory obligations was to make it a priority to establish a record of how this data is processed. In late 2017, this catalogue was defined, and the categories of personal data processed by VO, and the purposes for which it is processed, was formalised. In addition to the basic data that makes it possible to identify people, the arrival of digital technology in events extends the concept to other dimensions, beyond first names, surnames or addresses. This is because a great deal of additional data is collected via the registration site and at the event. Personal data is not just an entry in a list, but photos, videos, cookies, social media preferences, etc.
The obligation of total transparency
The big innovation with the GDPR is its requirement of total transparency regarding the use that is made of personal data. The regulation requires users to be given a privacy charter that informs them of the way in which their data is processed once it has been collected, and why it was collected at all. This is so that the attendee knows whether, outside of the event, the client will use it for other purposes such as direct marketing or sending advertising. The same applies to images at an event - everyone must know that photos and videos are being taken, and that they have the right to access them and decide how they are used - or indeed that they are deleted. This transparency also applies to the algorithmic use of data by a chatbot designed to personalise the attendee experience at an event.
A change in the way of thinking
No longer can a company do what it wants with personal data, and anyone can exercise their rights over it. This changes the relationship between the client, the agency and the participants at an event. Therefore the approach requires a change in the way of thinking and an awareness of the teams to which the current compliance process fully applies. In every stage of a project, personal data has now become a priority issue.
Rigorous adaptation to the GDPR goes hand in hand with increased IT security. Besides the management of data, there is the matter of its protection. In the event of a failure in this regard, it is the absolute responsibility and duty of the client and VO to inform the consumer, attendee or employee. Whenever personal data is altered, destroyed, hacked, or falls victim to a cyber attack, those affected by the situation must now be systematically informed. VO has modelled and implemented new technical/IT systems and measures to prevent this kind of misadventure. It has secured its systems, along with transactions and data transfers at every level of the company; members of staff must understand the importance of knowing how they receive, send and collect the personal data generated by their activity and make the correct and GDPR-certified use of it.