March 2017 Data Protection 17
GDPR to impact event registration
RefTech chief ideas officer Simon Clayton says get ready for new EU data protection rules
EU data protection rules are set to become much stricter in 2018 , and many of the somewhat careless data practices about openness , transparency , and accuracy which have been allowed to slip through previously will no longer wash . The year 2018 may seem like a long way off , but is only next year . So do start reviewing your data practices now to give enough time to implement any required changes . Good data protection practice in event organisations starts at the source : the event registration process . One of the core principles being addressed in GDPR ( General Data Protection Regulation - the European Union ’ s new data protection regime ), goes beyond ‘ privacy by design ’ to require ‘ privacy by default ’. Anyone dealing with data will need to get into the habit of capturing the minimum amount possible , while also shifting control over
' For eventprofs , the watch words for the new data protection regime are clarity and consent '
the use and retention of that data from the organisation collecting it to the person the data is about . Another GDPR principle to get into the habit of honouring is that you must supply a legal justification for any personal data you collect in the event registration process . ' We need it because we need it ' is no longer sufficient . This justification must be explained to delegates at the time of registration . If an event insurer requires you to ensure that all attendees are over 18 , then you may have to collect dates of birth , so be sure to explain this , with the legal justification , in your registration T & Cs . For eventprofs , the watch words for the new data protection regime are clarity and consent . You must ensure clarity in the information you collect as well as the information you provide , and you must secure consent at all stages of your event . The new regime will require a change in mindset as well as everyday practices , but it will ensure a more responsible playing field for both organisations and individuals in the long run . While the future of data protection law after the UK fully leaves the EU remains unknown , the fact remains that the exit is still many years away . In the meantime , the UK ’ s Information Commissioner has confirmed that the UK will go ahead with implementing GDPR into our own national regulations regardless of the Brexit vote . Any post-EU data protection regime the UK may come up with would have to be equivalent to GDPR in order for the UK to continue trading with the EU , so GDPR is here to stay , although is not being enforced until 25 May 2018 . This gives you plenty of time to adapt your business processes into full compliance . Use the time wisely .