By: Alex Jones (www.eventindustrynews.com)
GDPR regulations require compliance by both data controllers and data processors. In the case of meetings and events, the company hosting the event (data controller) must show how they’re complying with the new regulations. And part of that responsibility is making sure that the tech vendors that process data on their behalf (ex. Registration systems, event management software, mobile apps, surveys, networking tools etc.) are also fulfilling their legal responsibilities.
- Where is My Data Hosted?
Hosting and sharing data within the EU is legally not a problem – as long as your event tech providers meet the new requirements. If your data is hosted in servers outside the EU, then you need to ask them what steps they’re taking to ensure your data transfers are compliant.
- Who Has Access to My Data?
Find out exactly how your supplier is using your event data. Find out who has access to it and where they’re located. Find out if they subcontract any part of your data processing to third parties (ex. Customer support) or if your data is accessible through other countries or legal entities within their own organisation
- How Does Your System Allow Us to Obtain and Store Consent?
GDPR requires you to record and access the consent you get from individuals when collecting their personal information. Your registration system, for example, should be able to store the date and time and IP address an attendee used when ticking a consent box – which means you can always prove how, what and when that consent was given.
- How Does Your System Help Me Delete Personal Data?
Find out how your event tech system will help you delete personal data – and whether it is deleted in back up servers too and how quickly this is done. Make sure they confirm in writing whenever they do this as this will give further protection.
- How Does Your Organisation Comply With GDPR?
Ask your tech suppliers how they themselves comply with GDPR. What is their understanding of the new regulations? How important is data security for them as an organisation – do they follow best practices?
Having the answers to these questions will protect you from any unpleasant surprises in the future.