Getting ready for the General Data Protection Regulation (GDPR)

Questions answered by David Chalmers, Senior Marketing Director, Cvent Europe for Headquarters Magazine 

How has Cvent prepared for GDPR?

Over the last 12 months our technical, security, marketing and legal teams have worked to deliver an internal cross functional programme to prepare for General Data Protection Regulation (GDPR) prior to the 25th May deadline. We have rigorously looked at all the systems and solutions across our platform and assessed the necessary changes to implement in order to enable customers to comply with the new regulation. To demystify GDPR legislation for our clients we have produced resources to describe the updates to our processes and systems and the benefits these bring to every stage of the event lifecycle. We are also investing in producing educational content from live webinars to videos, blogs, infographics and regularly updated Q&A’s, all accessible online.

What do associations need to do / consider in relation to GDPR?

In a nutshell GDPR gives EU citizens greater control over how their personal data is used anywhere in the world. As associations collect data of their members through multiple platforms including database management systems, websites, member events and registration systems, GDPR directly impacts how these bodies will collect, manage and protect the data. To comply with regulation associations must implement a comprehensive GDPR programme prioritising areas of the business with the highest risks such as consent, privacy and sensitive data. In practical terms this means reviewing current processes against GDPR guidelines including all subcontractors providing or processing personal data, assess risk levels and examine data and security framework and set up internal procedures for breach notifications. We are helping our association clients and inviting them to use our educational resources to support their understanding the new regulation.

What can Cvent do to help associations comply with the new regulation?

Following a detailed analysis of the regulations and how they impact events, Cvent products have been enhanced to support GDPR compliance for our customers and their attendees across the entire event lifecycle. Pre-event associations can benefit from event website and online registrations which only use essential cookies, legally certified privacy notifications to ensure members understand how their data will be processed, new fields to capture consent freely, the ability to edit and localise language and tracking and auditing capabilities. During the event associations should do away with manual sign in sheets, utilising OnArrival to seamlessly check-in attendees and securely print badges. Post event only members who consent will receive marketing communications. Members have the right to request their data and to be forgotten. With our dedicated process to monitor such requests data files can be provided within the 30-day timeframe or all personal data anonymised with metric information retained for accurate reporting. In addition, Cvent’s global security monitoring and incident management footprint is capable of breach identification and response around the clock and across every time zone.

GDPR can be a daunting, but it’s enforcement highlights best practice opportunities to drive the event industry forward by strengthening relationships between companies and their attendees. The true essence of GDPR is about behaving in a way that is transparent about how you will use people’s personal information and builds trust with them.

For more information: www.cvent.com