GDPR is upon us. With event professionals preparing for compliance for the past couple of years, it’s finally time for action. Event professionals have been planning and working towards being compliant so as to avoid any mishaps or penalties and ensure apt data security.
One key change that is brought about through this regulation is the sharing of responsibility among the data controllers and the processors.Data processors are the organisation that processes the personal data of the data subject while controllers determine the purpose of processing the personal information. In this case, event tech vendors are the data controllers and it’s your responsibility to ensure data safety and that it is being stored in a proper manner.
Here are 10 questions you must ask your event tech vendor post GDPR for this1. Have you updated your Privacy Policy yet?Providing a Privacy Note was a requirement from the beginning, even as a part of the Data Protection Agreement. However, an organisation that processes personal information is required to provide their Privacy Policy note in a set format as specified in the GDPR.Privacy Policy is a vital document under the GDPR because it lays down in a clear formatted way how to deal with the regulations and how the organisation is complying with it. It ensures that the data is being collected and used properly with proper consent of the data subject.As soon as the event tech vendors update their policy document, the better understanding the customers will get on how their data is being processed.2.Have you taken adequate measures for data protection?The main motive of the General Data Protection Regulation is to protect and safeguard the personal information of the European Union citizens. To ensure that the data is being protected then adequate technical and data mapping measures are required.3.Have you integrated the concept of consent across all your platforms?Consent is being heard and used a lot recently. Asking for consent from data subjects to opt in the services event tech vendors have to provide is an initial step and one of the principles being followed-up of GDPR.Consent, as specified by the guidelines must be written explicitly in a simple language easily understandable and must be incorporated in all the event-tech related platforms where any personal information of an individual is being requested for.Make sure all the websites, mobile applications, registration forms, contact us forms, etc. have been updated by the event tech vendors.4.What about the event app? What permissions will the app require and why?The ongoing trends in event tech industry also include a vast purchase and use of event app for better user experience. So the next question which can be asked to your event tech vendor is what measures have they taken in order to make the event apps compliant? Event apps, when installed in the mobile devices, ask for certain permission and access like access to media files, storage, contacts and so on. The user must accept the terms and read the Privacy Policy and Terms of Use before using the apps.5.Where is the data stored? Are your servers secured?It is your event tech vendor’s duty to inform you about the data security and where is the personal data is stored. They must store data on secure servers that are also GDPR compliant. You as a customer have a right to ask for GDPR compliancy of the servers where the data is hosted.For example, if the data is being hosted on US servers, those must adhere to the EU-US Privacy Shield.6.Do you share your data with third parties? If yes, what are they?According to the new regulation being enforced by the EU government, data subjects have the right to know how their data is being processed and who has the access to their personal information.Event tech vendors have ties with certain third-party organisations that help in the effortless management of data and provision of services. For example, there are certain software from which emails can be blasted to the attendees of an event. So, in this case, that software is a third-party.7.Do these third parties take apt security measures to process the data?It is crucial to acknowledge that the third-parties which are tied up with your event tech vendors are GDPR complaint or not. If they are, the next question arises whether they have all the required security policies in place to process the personal data of the user.What you can do in such cases is ask for certifications of their security standards, analyze their methodologies of processing the information. The data subject has all the rights to opt out of sharing its information with the third parties.8. Is your team GDPR ready? Has the staff been trained?GDPR might yet be unheard by many employees of a huge organisation. But this doesn’t mean they shouldn’t know. The entire team of the organisation especially the IT, sales, and marketing team must have an in-depth knowledge about the subject because here the major information is used.According to GDPR checklist, one of the points was to ensure that the organisation is well-aware of the new changes being carried out and why. You can ask the same question to your event tech vendor whether all the members of that tech organisation is up to date with the new policy and principles of General Data Protection Regulation.9. Do you have systems in place for providing data access to users?By the 25th May, when the GDPR is coming into enforcement, all the organisations are required to have a system designed which they can follow when a data subject/attendees request data access or data portability or the right to erasure of their personal data.Event tech vendors must have such system in place in the case during an event or after an event is over, attendee wants to opt-out and requests right to erasure.10. Have you taken proper measures for cross-border data transfers?Cross-border transfer of personal data is one of the crucial concerns of the GDPR. To manage such transfers an organisation must opt for proper frameworks and security measures and encryption so that the data is secured.You must ask your Event Tech Vendor whether they have such security measures and regulations in place to safely transfer the personal information.Event Tech Vendors play a vital role in being GDPR compliant and gain the trust of attendees in terms of securing personal information. GDPR has given various rights to the EU citizens and they can use them to opt-out at any moment.Know more about us here.