Don’t worry, it’s not a trick question! But it is an important one.
You may have seen the term ‘GDPR’ as you scrolled through various news feeds, along with a vague warning to make sure your business is compliant. But you were too busy to click on the full story just then, so you resolved to find out more later on.
If this is you, we know the feeling! But this EU regulation (yes, it does still apply to the UK) is going to affect most companies. Since we don’t have all that long to prepare for it, we thought we’d bring you nicely up to date in one handy blog post. Not only that, we’ll tell you about how exhibiting your business can actually help you along the way to compliance!
Are you ready? Then let us enlighten you.
What is GDPR, anyway?
An easy question to start us off with. The EU’s General Data Protection Regulation (GDPR) is a new regulation that will govern how businesses handle and protect the personal data they collect. Effectively, we will all have more rights regarding our own data.
When will it become effective?
From 25th May 2018. You’ll need to ensure your company is compliant beforehand, so it’s not as far away as you might think!
What will I need to do?
Firstly, you’ll need to keep records of all personal data – along with proof that individual consent has been given. You’ll also need to show what you intend to do with the data you’ve collected, where it will be stored and how it will be protected.
The GDPR differs from the current Data Protection Act in its definition of “personal data”. The extended definition covers categories such as computer IP addresses and genetic make-up. In short, absolutely anything that could be used to identify an individual person will count as “personal data”.
So if you collect business cards, sign-up forms or feedback forms, for example, the new regulations will apply.
What are the implications of not complying?
As well as complying with the regulations in full, you will need to ensure you report any incidents of personal data being stolen within 72 hours.
Non-compliance could lead to fines of 4% of global turnover, or up to €20 million – whichever is the greater.
So, what should I do now?
You’ll need to establish methods to ensure you gain visible consent for any data you collect. Then, make sure you tell people what you will do with their data. For example, this means you will have to ask before signing people up to your mailing list – you won’t be able to assume that you can do so just because they gave you a business card.
Then, you must make sure the data you collect is securely stored.
You could implement a ‘data audit’ in readiness for May 2018, appointing a team to check your current systems and processes and implement any changes. A regular audit schedule will then need to be arranged once May 2018 has passed.
How can exhibitions help me with GDPR?
We’ve saved the best part until last! Exhibitions are a fantastic way of collecting lots of individual data in one place, and as long as you get visible permission (such as asking people to sign a consent form when they pass you a business card), you’ll be able to continue.
The regulations also provide a great excuse to follow up with people you met at the event, since you’ll have to request further consent to sign them up to your regular mailing list or database.
In short, there’s nothing to be scared of with GDPR, as long as we all take a little more care over how we handle client data… the new regulations should benefit all of us in the long run (we’ll have to endure far less cold-calling, for a start!).
Can we help you answer any questions about data handling at exhibitions… or about exhibitions in general, for that matter? Our friendly team is always willing to help, so why not get in touch?