Don’t worry, it’s not a trick question! But it is an important one.
You may have seen the term ‘GDPR’ as you scrolled through various news feeds, along with a vague warning to make sure your business is compliant. But you were too busy to click on the full story just then, so you resolved to find out more later on.
If this is you, we know the feeling! But this EU regulation (yes, it does still apply to the UK) is going to affect most companies. Since we don’t have all that long to prepare for it, we thought we’d bring you nicely up to date in one handy blog post. Not only that, we’ll tell you about how exhibiting your business can actually help you along the way to compliance!
Are you ready? Then let us enlighten you.
What is GDPR, anyway?
An easy question to start us off with. The EU’s General Data Protection Regulation (GDPR) is a new regulation that will govern how businesses handle and protect the personal data they collect. Effectively, we will all have more rights regarding our own data.
When will it become effective?
From 25th May 2018. You’ll need to ensure your company is compliant beforehand, so it’s not as far away as you might think!
What will I need to do?
Firstly, you’ll need to keep records of all personal data – along with proof that individual consent has been given. You’ll also need to show what you intend to do with the data you’ve collected, where it will be stored and how it will be protected.
The GDPR differs from the current Data Protection Act in its definition of “personal data”. The extended definition covers categories such as computer IP addresses and genetic make-up. In short, absolutely anything that could be used to identify an individual person will count as “personal data”.
So if you collect business cards, sign-up forms or feedback forms, for example, the new regulations will apply.
What are the implications of not complying?
As well as complying with the regulations in full, you will need to ensure you report, within 72 hours, any incidents of personal data being stolen.
Non-compliance could lead to fines of 4% of global turnover, or up to €20 million – whichever is the greater.
So, what should I do now?
You’ll need to establish methods to ensure you gain visible consent for any data you collect. Then, make sure you tell people what you will do with their data. For example, this means you will have to ask before signing people up to your mailing list – you won’t be able to assume that you can do so just because they gave you a business card.
Then, you must make sure the data you collect is securely stored.
You could implement a ‘data audit’ in readiness for May 2018, appointing a team to check your current systems and processes and implement any changes. A regular audit schedule will then need to be arranged once May 2018 has passed.
How can exhibitions help me with GDPR?
We’ve saved the best part until last! Exhibitions are a fantastic way of collecting lots of individual data in one place, and as long as you get visible permission (such as asking people to sign a consent form when they pass you a business card), you’ll be able to continue.
The regulations also provide a great excuse to follow up with people you met at the event, since you’ll have to request further consent to sign them up to your regular mailing list or database.
In short, there’s nothing to be scared of with GDPR, as long as we all take a little more care over how we handle client data…the new regulations should benefit all of us in the long run (we’ll have to endure far less cold-calling, for a start!).
Can we help you answer any questions about data handling at exhibitions…or about exhibitions in general, for that matter? Our friendly team is always willing to help, so why not get in touch?