By Jack Ukil, Director of Sales, Cvent Australia
Starting 25 May 2018, the European Union’s General Data Protection Regulation (GDPR) will be enforced.
Although Australian event planners may initially deem the new regulation as irrelevant to their Australian-based operations, the reality is that the GDPR does affect the Australian events industry, and its impact could be significant.
When you consider the number of Australians who hold dual citizenship, it is safe to state that the clear majority of events held in Australia are attended by citizens of the European Union (EU). This means that Australian event planners who ignore the new regulation do so at their peril.
Of course, Australian event planners who run events in the EU are obliged to adhere to the new GDPR standards; but moreover, even if an event held in Australia is attended by a single citizen or resident of the EU, that likely needs to be GDPR compliant – and enforcement will start in earnest on May 25
Regardless of location, organisations that offer goods or services to, or monitors the behaviour of EU citizens and residents are now required to reconsider how it collects, stores and protects any and all data relating to citizens of the EU.
The fines for non-compliance are massive, up to 20 million Euros, or four percent of revenue, and being found non-compliant can have a detrimental impact on a brand’s reputation.
So, what is the GDPR and what does it require of Australian event planners?
Internationally deemed the most important change in data privacy regulation in more than 20 years, GDPR is the result of four years of public consultation regarding the collection, use, storage and protection of any and all data relating to the identification of EU citizens.
From gender, age and preferred modes of communication, to basic records of event attendance and even dietary requirements, GDPR covers all data relating to the identification of individuals.
A data-driven marketing game-changer, GDPR essentially gives individuals ultimate power over how their personal information is collected, used, stored and protected. It includes requirements that resemble those in the Australian Government’s Privacy Act 1988, and additional measures that similarly aim to foster transparent information handling practices and business accountability around data handling.
While the Office of the Australian Information Commissioner (OAIC) has formally published new guidance for Australian businesses on the EU’s GDPR requirements, many industry insiders predict that Australia – like China and other nations from all corners of the globe – will soon follow the EU’s lead when it comes to privacy protection laws pertaining to Australian citizens.
To be GDPR compliant, an organisation must:
- Have a legitimate business interest, contractual right or seek the consent of an EU citizen or resident before obtaining any data that could identify that individual including his or her preferences and behaviours
- Be able to prove lawful storage of data in accordance with GDPR standards
- Be able to delete the individual’s data if they request to be forgotten from all your digital systems
- Adhere to standards of ongoing protection of data in accordance with GDPR
- The OAIC recommends that Australian businesses ensure they are compliant with GDPR now. While the task may seem overwhelming, event organisations can use purposely-designed technology, provided by companies like Cvent, to manage the lawful control of data.
As a global company, Cvent – which recently opened their Asia-Pacific headquarters in Melbourne – has been focused on data security and privacy for many years. We have built functionality into our system and technology platform to give our customers the tools they need to alleviate the risks associated with managing data. Our software can track the collection of data, where it is being used and how across the event lifecycle.
The investment we’ve made into our platform represents the company’s longstanding dedication to being ahead of the curve on data privacy issues including third-party validation by Privacy Shield and TrustArc Inc.
Cvent’s focus on privacy and data security did not just come about because of GDPR. These are concerns that are growing in importance for many of our clients and their customers. We have invested heavily to help bolster the compliance demands of our customers and will continue to be at forefront of this wave as it grow momentum around the world.