The GDPR (General Data Protection Regulation) is a new EU Regulation which will replace the 1995 EU Data Protection Directive (DPD) to significantly enhance the protection of the personal data of EU citizens and increase the obligations on organizations who collect or process personal data. It will come into force on 25th May 2018. The regulation builds on many of the 1995 Directive’s requirements for data privacy and security but includes several new provisions to bolster the rights of data subjects and add harsher penalties for violations.
The full text of the GDPR can be found here.
According to Article 4 of the EU GDPR, different roles are identified as indicated below:
We are fully committed to upholding the privacy and rights of our customers and their customers. The essence of the GDPR is in direct alignment with our core values of customer trust and data privacy. With that in mind, we are actively working toward defining our roadmap for GDPR to overhaul our systems and processes in accordance with the standards. We are committed to achieving GDPR compliance well before the May 25, 2018 deadline.
We enable our users at the account level to opt-in for real-time IP masking and unique Device ID blanking for all EU countries.
With data minimization principles in mind, we’ve made the following changes:
All these are required by articles 17, 30 and art. 32 para. 4 GDPR. This includes, for example, measures like:
Below are six steps you can take to prepare your team and your company for the GDPR deadline.
Get management buy-in and create awareness. Make sure all necessary stakeholders are involved in ensuring your organization is ready and knowledgeable about its GDPR obligations.
You need to figure out what personal data you already hold in the databases- how you collect, use, and store personal data. Update your external notices to end users and partners on how you will use their data.
You need to explain your users very clearly why you are collecting their information, how it will be used and ideally, how long you’ll keep their data for. If you’re sharing their details with sponsors and exhibitors, then you need to name those organizations.
Don’t forget that GDPR is all about giving individuals more control over the use of their personal information. Check all the rights here.
This is really key because it is essentially what can get your organization into a lot of trouble if it’s not complying with GDPR. GDPR requires all organisations to report data breaches to the ICO or other such authority if it’s likely to result in a risk to the rights and freedom of individuals
GDPR definitely puts security more front of mind when it comes to your event data. You’ll need to show that you’re doing your best to protect the personal information of individuals to minimize the chances of it getting into the wrong hands.