Experts Explain a Practical Approach to GDPR Compliance
Regulations Follow Widespread Breaches of Data Privacy
by Cynthya Porter
Billed for the better part of a year as an impending calamity for every business with a customer database or even a drawer full of business cards, the official implementation of the General Data Protection Regulation (GDPR) on May 25 was met more with head-scratching than anything else—particularly for businesses outside of the European Union that were trying to decipher whether they needed to care about GDPR or not. After all, the new rules for handling personal data were not exactly a short read at 261 pages, 11 chapters and 99 Articles, and while virtually everyone in the free world had heard the GDPR acronym by the time it was enacted, comparatively few knew exactly what the new regulations meant. The short answer is that if
a company does no business with anyone residing in the EU, then it is not affected by GDPR, which is entirely constructed to protect the private information of EU citizens. However, if even one person on a company’s mailing list is an EU citizen, then the regulations are technically supposed to be followed. For exhibitors collecting attendee information on the show floor, the rules are almost certainly in effect due to the likelihood that residents of the EU will attend a show. And for companies from the United States who want to exhibit overseas, adherence to the new policies is crucial. But what exactly are those regulations? For those still wondering, a handful of experts have broken it down into bite-sized bits.
According to Peter Gillett, CEO of Mobile Lead Capture app creator Zuante, the concepts of GDPR are simpler than the 261 pages would imply. “The whole idea behind GDPR is to ensure that contact data is retained and used in the way that individuals require, and also to make sure that their privacy is maintained and that information is not used by other third-party organizations for any purpose,” Gillett says. In practical application, GDPR regulations are multipronged, explains Rob Brazier in his blog for London-based event contractor Rapiergroup. “GDPR compliance is basically a three-stage process,” he says. “First, there’s data hygiene—checking to see what you’re holding, how you
got it and how you’re storing it.” Once that assessment is complete, a company must evaluate and justify what data it is collecting from individuals and it must create a storage architecture that keeps the information secure but easily accessible for those who request it be removed. “The way we collect data at events needs to become more secure–think less ‘let me take your card’ and more ‘let me put this on a tablet and screen-lock it.’ It’s going to be a little more cumbersome, but the point of GDPR is to make data handling a priority for businesses and ensure that we treat our contacts’ data with the same care we’d demand for our own,” Brazier writes. These regulations were adopted after widespread
September/October 2018 Exhibit City News