GDPR closes in on data’s dark side

DATA is vital to the smooth running of the meetings industry, with digital technology increasingly relied upon to get people together, facilitate networking and collaboration, and provide feedback for marketing and planning.

Indeed, Scott Schenker, vice president of the strategic events company ServiceNow, is of the view that many planners don’t go far enough when it comes to mining “rich data” – the kind that can be used to increase revenue.

“Data is what moves people through the purchasing funnel,” he told the audience at Transform’s inaugural business, marketing and training event last year.

“Where you’ll find added value – and monetisation opportunity – is in tracking changes from pre- to post-conference, in how attendees feel, think, know, and do.

“Unfortunately, trade show organisers rarely collect this type of data, and if they do, they rarely share it with exhibitors and other partners.”

It was a call to action, to consolidate business by organising and sharing data based on successful events.

More: Why event planners need big data – Sherrif Karamat

That was last year, and in terms of marketing strategies, the advice is as solid now as it was then. However, on May 25 this year, the EU introduced the General Data Protection Regulation (GDPR), and it changed everything. It is no longer possible to be quite as bullish about data as before. The collection and use of information is not as straightforward as it was before recent events.

Data mining has a whole new perspective following the Cambridge Analytica and Facebook US election controversy. There also came allegations that Canadian data firm AggregateIQ used Facebook information to influence the outcome of the UK’s Brexit referendum.

Although the US election and Brexit data controversies are the highest profile, they are only two among many examples of data misuse and theft in recent years.

The protection of the data and privacy of EU citizens – wherever they are in the world – has changed radically since May, with serious implications for anyone in the meetings industry doing business with them.

Listening to, tapping, intercepting, scanning or storing communications are considered an offence without the user’s agreement, and companies have to ask for the explicit consent of users before being able to use their data for advertising purposes, with huge fines for those who fail to comply.

Canadian lawyer Marc Gagné (right), who runs a data governance consultancy and advocacy service, describes GDPR as “the biggest event of the year” and is in no doubt about its impact on the meetings industry.

“The important thing to note for event planners is that GDPR covers EU citizens wherever they go. So, just because your event might be held in Hong Kong, Japan, or Toronto, doesn’t mean you’re off the hook for GDPR compliance,” he says. “If you have EU attendees, you need to get up to par with those privacy standards, and fast.”

Gagné says planners need to look, not just at how they collect data, but where they store it, and that organisations will now be required to employ a data controller.

“They’ll need to beef up security in most instances, and they’ll need to rewrite their data collection mechanisms in order to include privacy measures set forth by GDPR.

“Rather than viewing event attendees as merely a goldmine of data, planners will need to change their perspective and view them as people who have rights – privacy rights.”

Gagné says the march of events technology makes the data situation more complex. “Organisations that collect data at events and conferences have a lot of work to do to ensure both security and privacy, perhaps even more so than any other industry,” he says.

“The very nature of the business calls for hyper levels of connectedness because people are travelling, networking, sharing ideas, sharing documents, and attending via web conferencing; all the activities that are so wonderfully enabled and enhanced by technology.”

He says free sharing programs, including certain messaging apps, have lower standards of security and that planners should consider switching to products with higher security protocols.

More from Marc Gagné here… Love data, but know the limits

Gagné is in no doubt about the value of regulation, saying that businesses cannot be trusted to implement data controls voluntarily.

“In an industry that relies on technology to bring people together and facilitate networking and collaboration, even once they’re on site, you’re never going to see a rollback in progress as far as technology is concerned.

“You have people trading digital business cards, allowing conference apps access their calendars and accepting push notifications for all kinds of event-related activities. You have live delegate polling, post-event surveys, how will anyone protect their data in a sea like that?

“It’s doubtful whether we can stop the forward march of organisations’ desire to collect data. It’s really a fact of life now: companies will try to collect as much as they can because it’s going to help their bottom line.

“Once you link data to profits, that’s all the justification [businesses] need for collecting all the data they want. And that’s why we need legislation like GDPR.”

David Becker (left), CEO of event management software company zkipster, says the events industry has traditionally been “really bad with data”.

“Up to now, handling personal data securely was never the chief concern for the vast majority of event professionals on tight schedules,” he says. “Data gets hoarded on old guest lists across a dozen spreadsheets. Security standards are rarely high. Now the industry is faced with a pivotal moment, old habits need to go.

“People around the world are getting more wary about their own personal data, and the EU is moving into action with the biggest data protection regulation in 20 years, event planners should be very wary of these developments.”

More from David Becker: ‘Stressful transition… but an opportunity’

Meeting, planning and event technology consultant Corbin Ball, says that, while data is important, it is now vital for planners and events managers to balance its value against privacy requirements.

“Events are not particularly about privacy,” he says. “A major component is about meeting others of like interest – networking consistently is one of the top reasons people go to events.

“The important thing, however, is that meeting hosts must protect against data breaches, especially where payment processing is involved.”

Ball says that in the past privacy has been limited to a matter of personal concern but now the new regulations make it a requirement.

“Privacy is a very personal decision,” says Corbin, adding that while some people post details of their lives on social channels, others are extremely cautious.

“Data protection is a very serious issue and meeting planners, suppliers and others need to be alert to it and take measures to protect it.”

Laurie Lau (right), a Hong Kong-based Asia Pacific cyber crime and computer forensic consultant and chairman of the Asia Pacific Association of technology and Society, says that while GDPR adds a worldwide requirement of data compliance for EU citizens, there are also regional standards in place, such as the Hong Kong privacy ordinance.

Lau says Hong Kong planners are already required to limit the amount of personal data they capture. It is a legal requirement that it is stored in a secure environment for seven years, and that it cannot be used for any other purpose than that for which it was originally intended.

“In Hong Kong, planners need to aware of the privacy ordinance requirements first, then look at GDPR, working with both to reduce risk. But they need to ask themselves why they need the data. If the answer is not too clear then don’t collect it,” he says, adding that planners should only collect the data they need for the task at hand.

Uniplan associate account director Josef Liu agrees with Lau that while “live data” is immediately useful “to gain a better understanding of the audience experience so business can cater to its needs better”, it should not be stored, reminding that unencrypted information is easily hacked.

“You should not capture sensitive data until you build trust with the brand loyalist, especially with payment data,” he says. Liu says event marketers are “essentially data controllers” and should abide by the following procedures:

• Identify where data transits and resides,

• Know where data is used and accessed,

• Protect data through security technology and practices, and,

• Give guests control over their data.

He says a “brand data mine” can be important to improve services. “That is where trust is built”, adding that it should not be used for promotion and/or advertising.

As zkipster’s David Becker sums it up: “We have been living in a Wild West-like time, which is now coming to an end.”

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>