Preparing for the GDPR: What Event Organizers Need to Know

January 25, 2018

The European General Data Protection Regulation (GDPR) is designed to harmonize all existing regulations to provide a higher level of security for citizens of the European Union (EU). Slated to take effect on May 25, the GDPR will apply to any organization that does business with citizens of the EU, regardless of that organization’s location.

The GDPR includes regulations on the collection, use, transfer, monitoring, tracking and even viewing of personal data.

The “personal data” bucket is a big one and includes information you might not have taken into consideration. In addition to data points such as name, email, ID #, photo, location data and online ID (IP address, social media), it also includes any factors specific to physical, social and economic factors – in short, anything that possibly could be used to identify someone.

How does this impact the meetings and events industry? If you are an event organizer, chances are you may have at least one attendee who resides in the EU, even if your event is held in the U.S. or another non-European location. The GDPR will apply to collecting or sharing any personal data from EU-based attendees and sponsors.

Why should you be concerned? It’s not just about security breaches. If you are audited and fail to meet the criteria for compliance, you risk more than just losing business and goodwill. For non-compliance with administrative, processing or collection obligations, the penalty is either €20 million or a 4 percent fine on your annual global revenue – whichever is higher.

Some key points to take into consideration:

 

  • When structuring your event communications, including your website and registration, it’s important to be aware that you can no longer rely on implied consent. A general opt-in communications checkbox is no longer enough.

 

  • Consent must be freely given, specific, informed and unambiguous. This will require you to make a statement up-front (prior to the collection of any data) specifying exactly how and why the data will be used, what the terms of use are, give EU residents the ability to withdraw their permission and have their data erased at any time. People must then be given the choice to opt-in or to decline.

 

  • The GDPR applies retroactively to any existing data you may have on EU residents. You’ll need to classify, label and destroy old data – or proactively gain informed consent from each person for the specific uses you may have for that information.

 

  • It’s recommended that you check with any third-party suppliers you may be working with to learn their compliance plans. Work together with them on due diligence, investigate indemnification clauses with your legal team, and be aware that the level of data security will need to be increased across the organization and your events.

 

Chances are, compliance will be driven from a legal or security team within your organization. Most organizations will (or should) have a compliance director who is the main point of contact for disseminating relevant information and policy changes and ensuring GDPR compliance. However, anyone in a marketing function, including event managers, should familiarize themselves with requirements and best practices to avoid potentially costly mistakes.

The International Association of Exhibitions and Events (IAEE) will soon be releasing a whitepaper on the topic as part of its mission to inform members of changes in policy and law that may affect them.

Add new comment

Partner Voices
MGM Resorts is committed to fostering an inclusive and diverse culture, not just among employees and guests but also within its supply chain. The company prioritizes procuring goods and services from businesses owned by minorities, women, veterans, people with disabilities, LGBTQ individuals and those facing economic disadvantages. This commitment is integral to MGM Resorts' global procurement strategy.    Through its voluntary supplier diversity program, MGM Resorts actively identifies and connects certified diverse-owned suppliers to opportunities within its supply chain. The company is on track to spend at least 15% of its biddable procurement with diverse-owned businesses by 2025, demonstrating that supplier diversity is not only a social responsibility but also a strategic business imperative.    Supplier diversity isn’t just the right thing to do – it’s good for business. A diverse supply chain allows access to a broader range of perspectives and experience, helping to drive innovation, entrepreneurship and resilience, while strengthening communities. At MGM Resorts, engaging diverse suppliers ensures best-in-class experiences for guests and clients. Supplier diversity ensures a more resilient supply chain while supporting economic development in the communities in which it operates.   The impact of MGM Resorts' supplier diversity initiatives is significant. In 2023, these efforts supported over 3,500 jobs across more than 30 states, contributed over $214 million in income for diverse-owned businesses and generated more than $62 million in tax revenue. The story extends beyond the numbers – it reflects the tangible benefits brought to small and diverse-owned businesses, fostering economic empowerment in their communities.    MGM Resorts also supports the development and business skills of diverse-owned businesses through investment, mentorship and education. Through the MGM Resorts Supplier Diversity Mentorship Program, the company identifies, mentors and develops diverse-owned businesses to fill its future pipeline, while providing businesses with tools and resources to empower and uplift. Since 2017, the program has successfully graduated 105 diverse-owned businesses and is on track to achieve its goal of 150 graduates by 2025.     MGM Resorts’ commitment to supplier diversity not only enhances its business operations but also plays a crucial role in uplifting communities and fostering economic development. This approach reinforces the idea that diversity is a powerful driver of innovation and resilience, benefiting both the company and the wider community.