The General Data Protection Regulation (“GDPR”) is a data privacy regulation that came into effect on May 25th, 2018 and applies to any event worldwide that collects data from citizens of the European Union. Event organizers who collect personal data from attendees living in the European Union are required to obtain express and free consent from these attendees before collecting and using their data.
The General Data Protection Regulation 2016/679 is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas.
This (relatively new) regulation aims to better manage the rights of individuals within the digital evolution, including the development of “big data”, e-commerce and connected devices, which are based primarily on the collection and processing of personal data.
It aligns data privacy laws in Europe, protects the privacy of EU citizens and imposes important new obligations on anyone who processes data concerning (i) the collection and transfer of personal data and rules regarding (ii) data security.
We may ask for personal information, such as your:
You must obtain consent from your participants who are EU citizens to store and use their data and transparently explain how this data will be used.
Participants can ask you to delete their data and to stop sharing their data with third parties. These third parties are obliged to stop processing the data and must delete it upon request.
You must provide your participants access to their data within 30 days and explain to them how you are using their data.
Participants can ask you to provide their data to them in a digital format so that they can transmit it to another data controller.
Any security breach should be reported to the participants within 72 hours of you becoming aware of such a breach, and you are liable to use technology systems that manage participants’ data according to industry standards.
GDPR affects almost any company processing personal data. Personal data can be defined as any information used to identify a person (e.g. name, address, date of birth, location, ID numbers, etc.). In the case of events, it applies to all event organizers, event registration platforms, mobile applications and business meeting platforms used in events.
GDPR has a principle of extraterritoriality which automatically requires any company that collects data from a European citizen to comply with the regulation, even if the company is not established in the European Union. If a European citizen registers for that event abroad, the organizer and his/her subcontractors must comply with GDPR. This regulation has therefore affected almost all events worldwide.
The GDPR introduces new rights for attendees of an event and obligations that require event organizers to review the way they work, how they collect data from participants, inform them of the purpose of data collection and their rights and how the organizer ensures the security of his/her data.
As the person managing the data, the organizer must prove that the participant has provided consent regarding the processing of his/her data and that this processing is carried out under the rules of GDPR.
When collecting participant data via his/her ticketing tool, the organizer must provide him/her with information that is concise, transparent, understandable and easy to access regarding the processing associated with his/her data. The information must be accessible and easy to understand.
Regarding the processing of data for participants and exhibitors, the organizer must indicate the below mandatory information when registering a participant:
The collection & processing of participant data is lawful only if: (a) the participant has consented to the processing of his/her data for a specific purpose and (b) the processing is necessary for the performance of a contract where the participant concerned is a party.
The organizer and his/her subcontractors must enforce measures to:
On the participant's very first login, we offer them the option to review the conditions pertaining to their data access & sharing. This allows them to reconfigure these provisions in their individual profile pages. The participant can restrict their data from being shared with sponsors and exhibitors, as well as request that DealIntent delete their account at any time.
By default, the contact details of all attendees are private. Unless they exchange business cards or accept a LinkedIn connection request, the participant’s data is not shared with another party. The participants can also configure if they don’t want their data to be visible & accessible for networking in which case they won’t be listed in the networking section, so no one will be able to connect with them. They can change their mind and join the networking area later on by changing the setting in their profile page.
DealIntent is hosted with AWS and uses a secure infrastructure to ensure participant data is fully secure at all times. We work with highly accredited subcontractors who are certified with the latest security credentials such as ISO27001, ISO27018, SOC2, PCI DSS, etc.
CHOICE AND CONSENT:
INFORMATION FROM THIRD PARTIES:
You may choose to restrict the collection or use of your personal information. If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below. If you ask us to restrict or limit how we process your personal information, we will let you know how the restriction affects your use of our website or products and services.
ACCESS AND DATA PORTABILITY:
You may request details of the personal information that we hold about you. You may request a copy of the personal information we hold about you. Where possible, we will provide this information in CSV format or other easily readable machine format. You may request that we erase the personal information we hold about you at any time. You may also request that we transfer this personal information to another third party.
If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading or out of date.
NOTIFICATION OF DATA BREACHES:
We will comply with laws applicable to us in respect of any data breach.
If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.
To unsubscribe from our e-mail database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.
Disclaimer: This document is intended to convey general information only as a starting point for your understanding of the GDPR regulatory requirements. It is not intended as legal advice, nor is it meant to convey legal facts. No action should be taken in reliance on the information found here, and DealIntent disclaims all liability with respect to any acts or omissions based on the contents of this document. You should consult a licensed attorney or regulatory expert to discuss your specific legal, compliance and GDPR-related issues.