What better way to learn all about GDPR than attending workshops and panel debates? We’ve just chaired a GDPR talk in London and here’s a summary of the day.
What is GDPR exactly? (I’m aware of it but always struggle to articulate it properly)
The General Data Protection Regulation (GDPR) will come into effect on 25th May 2018. This new data regulation constitutes the biggest change to the data protection regime in the EU since the 1995 Data Protection Directive. It will change how organisations collect, arrange, store, use and share data. The video from this article tells you a lot more.
How will collecting, processing and using data change the way I work?
You’ll need a new mindset and a more informed approach towards data management. In a nutshell, the key will be:
– Choose quality over quantity
– Adopt minimisation approaches
– Ensure transparency
– Put your customers first: gain a truer view of what they want, create a great experience for them
– Do what is right
What does GDPR mean for the events industry in particular?
The events industry uses so many different data collection tools to gather and analyse information on attendees that the amount of data accumulated is growing at an exponential rate. This new European legislation brings in many fundamental changes to how exhibitors and event organisers collect, store and utilise event data.
The new regulations require the industry to maintain records of the personal data held, where it came from and who they share it with. Current regulations require event organisers and exhibitors to give out certain information when collecting personal data, such as how they intend to use this information, yet the new regulations bring with them a much larger list of requirements.
GDPR also means the events industry must explain their lawful basis for processing the data and divulge how long they plan to keep the data. This will require a privacy statement and retention policy.
What can I do today to implement GDPR in my firm?
Here are 7 actionable steps to GDPR:
1. Organise an internal meeting and form a focus group
2. Create awareness
3. Conduct gap analysis
4. Build a business case and roadmap
5. Start executing your plan and implementing change
6. Test, test, and test again
7. Embed privacy into the culture
How much do I need to invest to become GDPR compliant?
Taking steps to become GDPR compliant can be expensive, especially when training staff to ensure they follow protocol and changing old legacy systems. We see a lot of negativity around this at the moment, which doesn’t help. But what about the incredibly positive effects it can have at every level of your organisation?
For forward-thinking companies, GDPR could be the driver of positive change – a unique chance to break down barriers in organisations that operate in silos. To be fully compliant there must be one single view of the customer in a central location and the organisation must all be speaking in the same terms. This is in fact the foundation needed for efficiency and innovation.
What if my organisation fails to become GDPR compliant?
Any organisation collecting and processing data on European citizens falls under the new regulation. Event companies which have any kind of touchpoint with EU citizens will need to adhere to the GDPR.
Organisations not able to show they are complying with GDPR principles face large fines of up to €20m or 4% of annual worldwide turnover.
Will GDPR still be around after Brexit?
Definitely. Even post-Brexit, UK businesses offering services to EU citizens – regardless of whether they hold any data in the EU – will have to adopt more stringent rules than the ones currently imposed by the UK Data Protection Act.
GDPR sounds very challenging. How can I turn it into an opportunity?
The changes needed to modernise your organisation (and the wider industry) and achieve the single view of the customer may seem like a huge undertaking – but disruption in the technology world is often positive and GDPR should be viewed in this light.
A great example of this is from accommodation company Airbnb. By taking major steps (procedurally and financially) to secure their customers’ private data, the brand power gained was immeasurable.
Finally, can I really drive innovation with GDPR?
You certainly can. Trust is key to business growth. Reviewing and investing in data management policies will not only protect your data, but the transparency you provide to your customers will ensure that they feel comfortable handing over their data to you.
GDPR will require you to have a more concise and clearer view of the data you have and what it has been used for. This gives you an opportunity to not only create content that is relevant to your target audience, but also create more beneficial products and services for your customers.
At Acrotrend we believe in the three T’s – trust, transparency and targeted. Ensure your customer trusts what you do with your data, by creating transparent processes that reach targeted customers and safeguard your data is cleaner than ever.