GDPR is the most important change in EU data privacy regulation
You’ve no doubt heard of GDPR if you’re looking to participate in European trade shows in the upcoming year. The new legislation concerns the way companies gather and handle the personal data of prospects, customers and employees. GDPR is coming into effect on the 25th of May 2018.
In essence, the GDPR aims to protect personal data and prevent unsolicited marketing, as well as data leaks, all of which have been a cause for concern over the past few years. The new legislation is focused on protecting the five rights of each citizen: the right to information, the right to access, the right to correction, the right to erasure and the right to data portability.
Why should you care about GDPR?
The General Data Protection Regulation will affect the entire European Economic Area, including the UK. Up until this point, most countries had their own national data protection laws, which will remain in effect until the 25th of May; in Germany, this is the so-called BDSG (Bundesdatenschutzgesetz – Federal Data Protection Act). What this essentially means is that any company, even an international organization, that has customers from the European Economic Area (which includes the EU, Iceland, Liechtenstein, Norway and the UK) will need to comply with the new regulations.
This is of particular importance to business owners looking to exhibit at trade shows in the EU. Since most of your attendees will be European citizens, they will fall under the protection of the GDPR. If you fail to comply with the GDPR, you may face fines as high as €20 million, or 4% of your annual global turnover, whichever is higher.
How will GDPR change European trade shows?
As already mentioned, since GDPR protects the rights of citizens in the EEA, trade shows hosted in European countries require compliance with the new legislation. Trade shows and exhibitions are all about meeting potential new leads and collecting data from people who might be interested in your products or services, so you can see how these may be affected by the GDPR.
The new rules are exceptionally strict regarding what constitutes ‘personal data’. The definition is ‘any information relating to an identified or identifiable natural person (‘data subject’)’ which means names and surnames, email addresses, photos and images, and phone numbers. All of these must be gathered, stored and handled with extreme sensitivity to ensure compliance with the new regulations.
Think, for instance, about how you usually gather consumer information at a trade show. You may offer a prize draw or host a contest where customers looking to participate would need to leave a name, contact details or a business card. Normally, you would then go back to the office and upload all the information into your CRM system and begin sending out newsletters. Under the GDPR, you can no longer do that, as this is considered unlawful collection of data.
What is lawful collection of data and how do I ensure I comply with the new regulations?
To guarantee compliance, you first need to understand what you’re – or will be – doing ‘wrong’ as of 25th of May 2018. When collecting personal data, you need to ensure that the person has given you explicit consent to process their data for one or more specific purposes. Alternatively, the GDPR also allows you to collect and process personal information if this is necessary for the completion of a contract which the subject is party to.
In simpler words, you always need to ask permission!
For instance, if an attendee leaves their business card at your stall as part of a contest, you will need to get in touch with them by phone or email and ask for their consent for a particular range of products or services before you begin marketing. If an attendee places an order at your exhibition, you can contact them (since this will be needed for the completion of the contract they signed), but if you want to market further products and services to them, you need to send a subsequent opt-in email or make a call.
How to prepare for the GDPR?
As mentioned above, many countries have national data protection laws in place, like the BDSG in Germany. Companies and business owners that already comply with the BDSG will have an easier time adjusting to the GDPR, so early awareness and preparedness are key.
It’s best to create a timetable and raise awareness of the new legislation and the changes it is about to bring as early as possible. Make sure all of your employees, and especially those participating in trade shows, know about the new practices and data protection regulations. This may be a time- and resource-consuming process, especially for larger organizations, so the earlier you start, the better.
Consider coming up with a revised or updated data protection statement in advance and adjust your databases to ensure compliance with the new regulations. In short, this means proof of legitimate use of data (storing customer consent along with their contact details and personal information); this must be documented and available at all times.
GDPR means clearly documented consent
If you don’t have documented consent, it’s best to obtain a clear consent declaration via a double opt-in as soon as possible. If you cannot obtain consent, it’s best to delete the record (otherwise, you may be facing fines when the GDPR comes into effect). As a rule of thumb, store only information that is absolutely necessary – anything more means potentially failing to comply with the new regulations.
In terms of technology, start looking into data protection technology and tools, if you don’t already have them in place. Check whether the lead retrieval tool or app you have used so far has been updated to comply with all relevant GDPR demands. You need to ensure your prospects’ and customers’ data are stored securely and any potential infringements are detected quickly.
Consider how your approach towards trade shows will change, as well. Up until now, even though most of the data protection laws have been in place for several years, failure to comply wasn’t such a huge issue. With the steep fines that the GDPR plans to introduce, however, compliance has become critical.
In the future, you will have to forget about handwritten trade show forms lying around at your booth – the only way forward from now on is to “go digital” and save any trade show customer interests on a mobile device or a similar digital installation. There are actually only a few digital solutions on the market that will allow you to handle your attendee information in a way that complies with the new EU data protection law.
Make sure you update your trade show strategy and your internal database for storing prospect and customer information, and start working towards full compliance with the GDPR as early as possible.