Assessing The Impact Of GDPR On The Meetings Industry

by | May 22, 2019 | Blog

The EU General Data Protection Regulation (GDPR) on data protection has now been in force for almost a year. It has had a direct impact on the meetings industry across Europe and beyond. As a professional conference organiser with a focus on compliance, at Congrex Switzerland, we started taking steps towards GDPR implementation before May 2018.

Our efforts focused on building GDPR requirements into our operational practices and technical applications. This has been a broad-ranging endeavour with implications for every organisational department, from IT to Housing and including Marketing and Meeting Planning. In this article, we outline the impact of GDPR and how we have handled the new requirements, hoping that this serves as a useful guideline to other professionals in the meetings industry.

GDPR & IT In The Meetings Industry

As a conference organiser, Congrex is a data owner, a controller, and a data processor. This means we need to comply with different requirements and have a number of obligations that need to be compatible across our different roles. This requires taking a comprehensive approach to enforcing GDPR in all our IT operations. After auditing our data protection policy, we classified our course of action into two distinct areas:

External:

  • Replacing suppliers and services that were not GDPR compliant.
  • Consulting our clients as part of our needs analysis process.
  • Signed all necessary data processing contracts, ensuring all rights and duties were clearly stipulated.

Internal:

  • Designated an internal DPO (data protection officer) with legal expertise, as required by Articles 37 and 39 of GDPR. The DPO’s primary role is to monitor all practices related to data protection so we can revise them on an as-needed ongoing basis.
  • Modified some of our software to ensure it was in line with GDPR concerning the rights of data subjects.
  • Applied greater scrutiny to any IT-related operations that involved processing or transferring personal data.
  • Trained all internal staff to create a culture of data protection awareness.

GDPR & Meeting Planning

GDPR’s impact is somewhat limited in this department. The main change involves the event enrolment process. In addition, we have modified our forms and no longer ask delegates for specific personal data.

GDPR & Housing

The changes here have been substantial, as GDPR requires data encryption and the set up of individual access systems when dealing with personal information. This means we’ve had to redesign our communications with hotels and other travel service providers.

For example, credit card data are now sent to service providers via a secure link or over the cloud instead of over plain e-mail. The same applies to delegate lists that are routinely sent to hotels, which are now password-protected and sent over the cloud. Moreover, third-party room reservations are now available via a secure system, which includes individual log-in credentials for each delegate.

GDPR & Registration Services

Following GDPR implementation, our registration department no longer collects delegates’ data. These include an address, marital status, e-mail, and others. Previously, this type of data was passed on to our clients at their request, usually after a meeting was over for follow-up purposes.

On the one hand, this reduces the volume of work for our department. But on the other, it incurs additional costs and effort. For example, signs must be set up at the venue to make delegates aware of opt-out possibilities. We also need to get very granular, specifying what data we’re collecting and for which purposes.

Conclusion

Overall, GDPR has been a positive addition to our operations, making them more robust and reliable. It has also brought value to our clients, who now have full control over their personal data. However, we’re facing new challenges as a result of these regulations. Many suppliers and clients aren’t aware of the full scope of GDPR. So data collection and handling are now longer processes as we need to explain the changes. At the same time, GDPR compliance is labour intensive. It has added 1-2 additional steps to the workflow of most departments. Looking ahead, our main priorities are raising GDPR awareness among all parties involved, and streamlining further our operations while keeping GDPR principles at the core of what we do.

Related Articles

The success of an association depends on the satisfaction of its members. While growing your membership is crucial, it is equally important to retain association members. Besides, it is cost-effective to win-back members instead of running campaigns for new memberships. Members usually leave an association due to lack of engagement, economic hardships, and lack of […]

When you have to organise a conference annually, you need to find creative ways to make the conference memorable. An unforgettable meeting guarantees more attendees in the next convention. Maintaining simplicity and allowing the theme to speak for itself will make your conference stand out. However, meeting planning is tedious and stressful. You have to […]

Social media has changed the nature of events, prioritising elements like engagement, communication, and interaction over the plain delivery of information. The latest data on social media use shows that there are nearly 3.5 billion social media users worldwide and growth shows no signs of stopping. Given the widespread use of social media, it makes […]

Want to be updated regularly?
Subscribe to our newsletter.

You have Successfully Subscribed!

Pin It on Pinterest

Shares