It’s been six whole months since GDPR came into effect! Too busy soaking up the summer to notice the game-changing impact of the new approach to data? Yep, the season that kept on giving was pretty distracting, so if you’ve lost track of all things data protection, don’t panic – we’ve got this.
The General Data Protection Regulations became effective on May 25th 2018 (around the time of the Beast from the East – when you spent most of the day trying to work out exactly how many pairs of woolly socks it was possible to wear in one go), and were set to impact the way we gather and process data and the ways we can communicate with our delegates. But nobody was quite sure how far the new guidelines would stretch and what the true impact would be for #EventProfs.
So, six months on – how have the new EU-wide regulations impacted the industry?
Has GDPR Impacted the Event Industry?
The overall feeling is that the new rules have set a much higher bar when it comes to data security. Since May 25th, you should have seen a significant drop in the amount of junk email you receive, and a much smoother system to allow you to unsubscribe from communications you’re no longer interested in.
But it’s not all about emails. All of your personal data is now protected by the new regulations. Personal data qualifies as any data that could be used to identify you – from your National Security number to your email address. You’re now entitled to request a full report about the data any individual company is storing about you, and if you would like, you can ask them to remove that data from their system completely. That means that as individuals, we have much greater control over our own data, and as professional #EventProfs, we have to be a lot more cautious about how we gather and process people’s data.
It’s also worth noting that since the regulations came into force, there have been several conversations about implementing a similar system in the United States, but no formal announcements have been made yet.
So far, there have not been any publicly significant cases of #EventProfs being investigated or fined for data breaches, but the industry is covered by the regulations and they do need to be carefully upheld for data gathering across all live events.
You can read the full GDPR regulations here (but be warned, they are 88 pages long).
Did GDPR All Go to Plan?
Not exactly. One unexpected consequence of GDPR is the worrying issue that thanks to new anonymity protection, some cybercrime has become harder to track and restrict. As a result, it’s more important than ever to be aware of online security for both you and your delegates.
Have GDPR Regulations Been Strictly Enforced?
Before the regulations came into effect, there were several question marks around how strict the enforcement bodies would be. In the last six months, they’ve demonstrated that they mean business, with a number of investigations being launched into misuse of people’s personal data. Only data breaches that have occurred since the new regulations came into place can be investigated. Facebook and British Airways are said to be among companies who are being investigated over security breaches.
What are Team Noodle doing to help clients adapt to GDPR?
Team Noodle took a break from creating great apps for events and RFID name badges to fill you in on the changes they’ve seen in the industry.
For Team Noodle, it’s given us a great opportunity to formalise the ways we work with data protection and to tighten up our systems. Before we start getting into the detail of an event, we always have a kickoff call with the client and we talk them through the process of how data should be shared. Many of our clients are not fully aware of the GDPR regulations and this helps them to have a better understanding and to avoid errors on the day. If any small errors are made, we keep a log of them and talk them through with clients afterwards so they understand how to avoid them in future. It’s always a learning curve, but there are lots of ways to help our clients make it more manageable.
Head of Events
Our technology consultation team discuss GDPR with the client in the sales process. That means our clients are briefed before my team even talk to them. When we do, we’re reinforcing the points and going into more detail on how we can help. That’s really helpful because it means we are all on the same page right from the beginning.
We suggest clients keep a log of any situations where the regulations may have been breached, but with all of our new procedures in place, we haven’t had any major incidents.
In many ways, the new regulations have been good for the industry. GDPR has given us a chance to think carefully about the way we work and ensure all of our systems are up to scratch. At Noodle Live, we deal with data every day, so we spent a lot of time preparing ourselves in the run-up to the new regulations. We implemented a lot of new internal processes and systems to ensure that it becomes second nature to handle data responsibly. I think it’s been a bit harder for some our clients who don’t handle data all the time and don’t have set procedures, so we’ve also implemented ways to support our clients through the new changes. We’ve had a couple of unencrypted data sets being sent to us over email and a few unprotected passwords, but as a data company, it’s our role to help prevent those hiccups and maintain the highest level of security, so we’ve worked out ways to educate people and make life as simple as possible. It’s usually a case of lack of information and awareness, which can easily be solved with a quick consultation and some suggested ways of working.
Our development team have built a secure form for our clients to upload their data to, so they don’t have to send their data via email and they don’t have to encrypt it and password protect it. The system allows clients to simply upload their data in an excel file to an online Google-style Form, the data comes through to us and we get an email notification. We’re told which of the team it’s for and are also shown a quick message about the data, so we can ensure that it gets to the right person and that only they can access it. I think that’s been really helpful if the client is worried about sending data and is keen to implement as much security as possible. It’s as simple as sending them a link to a secure form and it provides a lot of peace of mind on their end.
We’ve been busy developing several tools to make the process of managing Personally Identifiable Information (the form of data that is protected under GDPR) much easier for our clients. That means a much lower margin for human error and it also makes life a lot easier for everyone. The new regulations have helped us to get really hands-on with data security and ensure we are working to a really high standard.
In the run-up to GDPR, we put a lot of thought into the ways we send and receive data. Previously, clients would often send us data in excel docs over email. These days, we’re helping clients to be much more security aware and to think about encryption and password protection. Because we handle data every day, we’ve always been very cautious, but GDPR has allowed us to stop and think about the processes we use and to create really clear rules that work for all of us.
We keep a log of any data breaches that occur while preparing for an event or running the registration system for our clients. It’s quite a good way to let clients know that they have to adhere to these rules by letting them know that we will have to log them and report them to our DPO, in the nicest way possible of course!
Senior Event Technology Consultant
At Noodle Live, we always try to make our data points really appealing, so people want to interact with them rather than feeling forced to do so. As an unexpected consequence of GDPR, we’re seeing a rise in ‘opt-in fatigue’. To minimise this, we work with the idea of data currency. We advise clients that to encourage data collection whilst remaining GDPR compliant, it’s better to offer an incentive for people to give you their personal details, like a data quid pro quo. For example, you could give out session content or further information when wanting to capture an attendee’s data.
Looking for more information about GDPR? The Noodle Live blog is always a good place to check for the latest news and information about event tech! When we’re not busy building our apps for events or constructing cool RFID name badges, we’ll keep you up to date with trends and news from the industry.
Got a suggested topic you’d love to know more about? Give us a shout @NoodleLive