6 key questions to understand GDPR for meetings and events: Interview with Nicola Rossetti.

May 3, 2021

As soors.it and aventri partnered to co-brand an in-depth publication for meetings and events, we met with Nicola Rossetti, former VP European Market at aventri to further understand the impacts of GDPR.

Nicola, what is the GDPR and why Event Management Software are impacted?

GDPR (General Data Protection Regulation) was voted in 2016. By design, events and meetings do capture and manage a large amount of personal data with multiple technologies involved throughout the cycle. GDPR becomes a key disposal for most organizations. aventri as an EMS (Event Management Software) is considered a “Data Processor” and the organiser is the “Data Controller.” The role of the Processor (who does not own the data) is to help the Controller (thank to policies, features, data management tools, security layers, etc..) to become compliant.

What is the risk if meeting planners don’t comply by then?

Secondly, it often goes beyond the planner’s role: GDPR aims to certify you (as a company): how do you secure, manage and track your data (and ask consent from the participant). It is likely that this data will not remain solely confined to the meetings and events database of your business but will flow to other software. Thus, GDPR must be handled globally by your organisation. 

The risk is real: even before GDPR, the regulators (ex ICO in the UK) already fined in 2016 a dozen of charities, and a major telco player with a 400k £ fine! GDPR broaden and align practices throughout Europe and give more legal power to each local regulator to enforce it. Examples will be made and the fine cap is unseen: up to 20 million Euros or 4% of the global company revenue, whichever is greater. you don’t want to be the one responsible for your company’s fine! 

Is GDPR only a concern for European Businesses?

No, it applies to any business that captures EU citizen data, regardless of their location. It is certain that it makes it more challenging for the regulator to pursue a company headquartered abroad, but at a minimum, it puts the company’s European activities at risk. 

What are the key aspects of GDPR and how do they relate to the meetings and events activity?

Good question: GDPR could very well be called “Data Transparency Act”: it aims to provide each European citizen more rights and ownership of their personal data : Privacy is by default, no more opt-in without express consent. GDPR also strongly condemn lack of security or data breaches: you need to make sure the data is safe. You must work with vendors that have robust security policies. Finally, you need to be able to isolate and retrieve any Dataset related to a given citizen if asked. Of course, they are many more aspects, but you can see how it can impact a registration form, how a planner acquires the consent onsite, or impact on lead retrieval and badge scanning, etc.

Is there a cost associated with GDPR?

Yes and no. No in a sense that for example aventri will not charge to provide the tools and the processes / policies a client needs to comply with GDPR. But the efforts, the bandwidth (including having to nominate a DPO – Data Protection Officer) or the legal fees for large companies seeking advices and or certification can be significant, depending on how good their existing process are compared to GDPR requirements. Finally, the main question (and it will vary from business to business) may be the impact on the marketing activity and thus the company bottom line.

What advice would you give to event planners?

Their role is mostly to understand their data structure and workflows and how under GDPR they will acquire the participant consent, while disclosing how their company intends to use that data. This is very new for planners, forcing them to make a leap into technology and become more tech savvy. But they mustn’t try to do it all by themselves. It is easy to get overwhelmed by the complexity of a law text to determine its concrete applications to achieve compliance. While a law is subject to interpretations, they are clear guidelines that need to be implemented. The planner should work with his/her organisation technology group, seek legal and expert advises and work closely with his/her DPO (the company Data Protection Officer).

 

My final advice? read the great eBook soors.it and aventri have designed to help you navigate and understand the impact of GDPR

 Download the eBook now

 

 

 

soors.it is a comparative tool listing all-in-one virtual event platforms to help event planners compare and choose the right technology and software that meet their virtual conferencing and meeting requirements.