The meetings industry is facing new challenges in 2018, and security is quickly becoming one of our biggest challenges. Security flaws in browsers seem to be in the news all the time, and data breaches seem to be on the rise.
As we hear about these challenges and problems, it is useful to reflect on the state of our industry and what we are doing to face these challenges head on.
This focus on data security is being amplified by the upcoming enforcement date of May 25 for GDPR. Most event planners in the word have learned (or are learning) of the major impact that the General Data Protection Regulation is having on our industry.
In a nutshell, GDPR is a series of regulations focusing on protecting the data privacy and security of European citizens. Any business collecting personal data from any European Union citizen is held to these regulations, and the impact is significant. Large fines can be imposed on any organization found to be in violation of GDPR.
So, what is the impact on meeting planners?
GDPR protects the rights of event attendees with these key protections:
- The right to be able to consent (opt-in) prior to their personal data being processed and tracked
- The right to be forgotten (all personal data removed)
- The right to know what personal data is stored
- The right to know what third parties their personal data has been sent to
- The right to withdraw consent at any time
- The right to have data corrected whenever requested
GDPR affects meeting planners (the Data Controller) and their technology vendors (the Data Processor) and requires both parties to comply with GDPR.
With all these security and data protection regulations becoming so important to the meetings industry, it is crucial to look at your technology solutions and clearly understand what is happening with your clients’ personal data.
Are you using one platform for everything? Or, are you pulling in services from multiple third parties? Both are valid approaches to technology, but in light of GDPR, the situation is not as clear as they have used to be.
It is becoming critical to our business practices to focus on how third parties (multiple vendors) are viewing, accessing and working with your clients’ personal data.
Are you exporting databases to third parties for event services? Onsite check-in, access control, exhibitor lead retrieval, live polling, appointment scheduling and more are guaranteed to be accessing your attendees’ data.
Service providers such as hotels, transportation, food services, entertainment and many more are accessing reports and data for their work.
- Are you carefully managing access and tracking when data is shared?
- Are third party vendors tracked whenever you send them attendee information?
Remember, GDPR requires that you track and log whenever a third-party processor views, accesses or interacts with the personal data of your attendees. It also requires you to advise third party processors whenever an attendee requests to have their personal data forgotten or removed from your database.
Which brings us to the discussion of the enclosed event management ecosystem.
Vendors who provide most, if not all required services within a single enclosed platform demonstrate a commitment to data security.
Since all services such as onsite check-in, mobile apps and such are all sharing the same database, you are strongly controlling data access and security.
More importantly, the need to track third party vendor access to data is much easier to maintain. Not only are these ecosystems are able to track whenever a third-party vendor accesses reports or exports, they are also able to eliminate most of the data exports and data connections needed for third party services to operate.
Now, if you use multiple solutions for your events, this is not a strict recommendation to drop everything and find a new technology vendor. That’s not possible, nor is it practical.
With that said, you should be looking at your data environment and focusing on how data is flowing in and out of your core database.
- Is data used by third parties automatically synchronized back to your primary database? Or is this a manual process?
- When you supply reports and data exports to vendors, are you tracking the date and time of the data transmission? Are you logging who these third parties are?
If you do have concerns about your data security processes and are looking to change technology platforms, be sure to understand if it is a comprehensive all-in-one platform and how it addresses data security.
Understanding and managing the flow of your data has always been a crucial concern to meeting planners, but considering today’s growing focus on protecting data privacy, it has become more important than ever before.