on

Assessing The Impact Of GDPR On The Meeting Industry

by | May 22, 2019 | Blog

GDPR and the meeting industry. The EU General Data Protection Regulation (GDPR) on data protection has now been in force for almost a year. It has had a direct impact on the meetings industry across Europe and beyond. As a professional conference organiser with a focus on compliance, at Congrex Switzerland, we started taking steps towards GDPR implementation before May 2018.

Our efforts focused on building GDPR requirements into our operational practices and technical applications. This has been a broad-ranging endeavour with implications for every organisational department, from IT to Housing and including Marketing and Meeting Planning. In this article, we outline the impact of GDPR and how we have handled the new requirements, hoping that this serves as a useful guideline to other professionals in the meeting industry.

GDPR In The Meeting Industry

As a conference organiser, Congrex is a data owner, a controller, and a data processor. This means we need to comply with different requirements and have a number of obligations that need to be compatible across our different roles. This requires taking a comprehensive approach to enforcing GDPR in all our IT operations. After auditing our data protection policy, we classified our course of action into two distinct areas:

External:

  • Replacing suppliers and services that were not GDPR compliant.
  • Consulting our clients as part of our needs analysis process.
  • Signed all necessary data processing contracts, ensuring all rights and duties were clearly stipulated.

Internal:

  • Designated an internal DPO (data protection officer) with legal expertise, as required by Articles 37 and 39 of GDPR. The DPO’s primary role is to monitor all practices related to data protection so we can revise them on an as-needed ongoing basis.
  • Modified some of our software to ensure it was in line with GDPR concerning the rights of data subjects.
  • Applied greater scrutiny to any IT-related operations that involved processing or transferring personal data.
  • Trained all internal staff to create a culture of data protection awareness.

GDPR & Meeting Planning

GDPR’s impact is somewhat limited in this department. The main change involves the event enrolment process. In addition, we have modified our forms and no longer ask delegates for specific personal data.

GDPR & Housing

The changes here have been substantial, as GDPR requires data encryption and the set up of individual access systems when dealing with personal information. This means we’ve had to redesign our communications with hotels and other travel service providers.

For example, credit card data are now sent to service providers via a secure link or over the cloud instead of over plain e-mail. The same applies to delegate lists that are routinely sent to hotels, which are now password-protected and sent over the cloud. Moreover, third-party room reservations are now available via a secure system, which includes individual log-in credentials for each delegate.

GDPR & Registration Services

Following GDPR implementation, our registration department no longer collects delegates’ data. These include an address, marital status, e-mail, and others. Previously, this type of data was passed on to our clients at their request, usually, after a meeting was over for follow-up purposes.

On the one hand, this reduces the volume of work for our department. But on the other, it incurs additional costs and effort. For example, signs must be set up at the venue to make delegates aware of opt-out possibilities. We also need to get very granular, specifying what data we’re collecting and for which purposes.

Conclusion

Overall, GDPR has been a positive addition to our operations, making them more robust and reliable. It has also brought value to our clients, who now have full control over their personal data. However, we’re facing new challenges as a result of these regulations. Many suppliers and clients aren’t aware of the full scope of GDPR. So data collection and handling are now longer processes as we need to explain the changes. At the same time, GDPR compliance is labour intensive. It has added 1-2 additional steps to the workflow of most departments. Looking ahead, our main priorities are raising GDPR awareness among all parties involved, and streamlining further our operations while keeping GDPR principles at the core of what we do.

More News

A group of professional associates engaged in a lively discussion around a table filled with laptops, notepads, and digital tablets, which epitomizes the collaborative spirit of an association management company.

What Is An Association Management Company (AMC)?

An association management company (AMC) offers crucial management and specialised administrative support to professional associations, facilitating their growth and prosperity.…

Six Strategies for Mastering Omnichannel Engagement Within Your Association

Six Strategies for Mastering Omnichannel Engagement Within Your Association

In the face of declining membership levels since 2020, it’s evident that modernizing engagement strategies is not just beneficial but…

Evolving Strategies for Enhancing Membership Engagement and Growth in 2024 Title showing engaged medics applauding

Evolving Strategies for Enhancing Membership Engagement and Growth in 2024

As we step into 2024, associations are navigating a rapidly evolving landscape. The strategies that worked for membership acquisition and…

Event Technologies to Achieve a Captivating Attendee Experience title image showing engaged attendees clapping hands

Improving the Attendee Experience with Event Technology

5 Event Technologies to Achieve a Captivating Attendee Experience Despite the many changes in the meeting industry, the attendee experience…

Congrex Switzerland

Pin It on Pinterest

Shares