Avoiding a data disaster
The General Data Protection Regulation (GDPR) act was introduced in 2018 and in the run up to its implementation, was viewed by many as being the new ‘Y2K’. Those of a certain vintage will recall during the run up to the millennium in the late 1990s, there were concerns that computers wouldn’t be able to handle years beginning with ‘2’, that the stock market would crash as a result, planes would fall out of the sky, and Nintendo games consoles around the world wouldn’t turn on. Of course, 2000 came and went, and nothing happened. It was the same with GDPR: nothing has really changed… so long as you were managing your data correctly in the first place.
And we are, aren’t we?
In late October, Conference News partnered with EventsAIR to host a roundtable discussion with corporate, PCO, and agency representatives, and its fair to say there was a great deal of revelation.
Paul Martin, director of sales, EMEA, EventsAIR, asked a question which brought the table to a pause: “Where does your data go? When, for example, you send the list of delegates and their dietary requirements to the caterer, what happens to it?”
We often view data as a nebulous, almost abstract concept, and that results in us not understanding its true value. Think of it like money, and all of a sudden the importance of knowing where it is becomes easier to comprehend.
Among the attendees at the discussion was Liz Zutshi, MD at TTA. TTA is an agency specialising in healthcare and pharmaceutical conferences. What does an agency that situation need to bear in mind when handling a client’s data; are there are extra risks or do those rest solely with the client?
Zutshi, says: “First and foremost as an agency, it is important to identify and assess the data that we are handling on behalf of our clients and importantly the purpose.
“As an agency we must take responsibility for faultless information handling and ensure that processes and policies are in place to reduce potential risk across the lifecycle of every event or campaign. The main risks that we hold responsibility for, and one of our biggest challenges, is within our supply chain. Our sub-contractors or sub-data processors to which we pass event attendee data on – for example, hotel and meeting venues, travel suppliers and event technology companies – to name a few.
“We go to extreme lengths to preserve the privacy and security of our clients and their attendees. We take it very seriously, so we work with them to ensure that we act responsibly on their behalf.”
One stop shop
Another key issue flagged by attendees was that, in some cases, they have to use multiple systems and software to store delegate data, which makes the practical task of managing it, particularly at events, all the harder.
David Cobbald, events and membership coordinator at the Professional Publishers Association, says: “Managing data has been tricky for me, what with old, dated systems that aren’t able to integrate and talk to updated, newer ones. The solution so far seems to be amalgamating all data into one, central system, but the cost, time and GDPR restrictions involved make it a very difficult process. Having multiple systems isn’t hindering us per se, but I believe a slicker, modern, central system for all of data will both speed up processes and make it even easier to be GDPR compliant.”
However, Heather Lishman, association director at ABPCO, thinks that technology’s role should be measured, and shouldn’t impact on the human touch. She says: “ABPCO’s values are excellence, learning and belonging. We work hard to engender a real sense of community and support. We don’t want all our processes to be auto-generated, as we feel that would not uphold our values. Our purpose talks about human enrichment, and we try hard to make sure that we keep the ‘human’ side of the association.”