GDPR: A Trade Show Perspective

May 15, 2018

Chris Eisenberg

In addition to his duties as Executive Vice President of Sales & Business Development, Chris Eisenberg serves as Bartizan Connects’ in-house attorney specializing in Data Compliance. Chris advises companies on how to navigate the new data protection and privacy laws to ensure that they are compliant. 

As most of you know from the countless reminders online, the GDPR is the focus of much concern in the trade show industry.

What is the GDPR and why is it relevant to you? The General Data Protection Regulation is a regulation in the EU law on data protection and privacy. The aim of the GDPR is to give more protection to an individual’s data in the digital age. In the trade show industry, the focus will be on the collection and processing of attendee data. And yes, even if you are a U.S. company, this regulation will likely affect you.

If you do business with a company based in the EU or would like to in the future, this regulation will directly affect you. And even if you don’t do business in the EU, if you do business with a company that does business in the EU, this will likely affect you as well. 

The GDPR regulations can be broken down into two main categories: Privacy and Data Protection/Security.

The privacy section of the GDPR covers how a company who has legally obtained access to an individual’s data handles that information.

The data protection/security section of the GDPR covers how a company who has legally obtained access to an individual’s data protects that data from others.

Privacy

To begin with, there must be a lawful basis for processing an individual’s data. It may be necessary to fulfill a contract, fulfill an obligation, other legitimate interests or consent.

Let’s look at consent for a moment. The GDPR states that the consent must be explicit for both the data being collected and the purposes the data will be used for. So, when an attendee registers for an event, the show producer must be explicit in what data is being collected and how it will be used and the attendee must explicitly consent. If the attendee does not explicitly consent they are deemed to have opted out of their data being collected. The attendee can also opt out at a later date.

The consent issue is a key one for Bartizan, as our lead retrieval and session tracking apps were created to capture an attendee’s data, with their consent, of course. So, this is something that we have worked closely with our show producers in the EU on. Here’s what we recommend:

  1. The attendee is told, during the registration process, that their data will be collected by exhibitors for the purpose of marketing/selling their product to the attendee. It may also be collected by the show producer to track sessions and award CEU/CME credits. The attendee must explicitly consent to this.
  2. If the attendee does not explicitly consent, they are assumed to have opted out. If they do not consent, the barcode on the badge will reflect this.
  3. Signage in the exhibit hall will remind attendee that if they allow their badges to be scanned, exhibitors will collect data.
  4. If the attendee allows their badge to be scanned by an exhibitor or to enter a session after being informed of what it is being used for, then this is the explicit and knowing consent that the GDPR requires.

An individual also has several other important privacy rights. They have the RIGHT OF ACCESS, which gives them access to their data and to see how it is being processed. They also have the RIGHT OF ERASURE, which allows them to request that their data be removed. If there is a data breach, the individual must be notified within 72 hours of the data breach.

Data Protection/ Security

THE GDPR speaks of Data Protection by Design and Default. Data protection should be designed into the business process, program or app so that the data protection is there by default.

In analyzing data protection, I find that article 32 of the GDPR is also very important to consider.  Article 32 states, in part: "the controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk." So, the level of security will be much greater for data that contains credit card numbers or social security numbers than it would for data that just contains name, email address and phone number.

So what is required? Encryption of the data would seem to be the very minimum required, with both the encryption key and the data in the control of the data owner only.

Beyond that, it will depend on a variety of factors, including the type of data, as discussed above, and how the data is being used. And, as hackers discover new ways of stealing data, new counter measures will be required by GDPR as well.

Securing attendee data will be a dynamic, evolving field and GDPR requirements will evolve as the technology evolves.

Perhaps as a way to help companies keep up with this, the GDPR also requires data governance to supervise the use and protection of the data within each company. This data governance can range from an internal Information Governance (IG) team to a dedicated Data Protection Officer whose sole job is to monitor the use and protection of the data.

The GDPR goes into law on May 25th. And even if you aren’t doing business in the EU, it’s very likely that similar laws will pass in the US eventually, as well they should as data protection and privacy of our data will remain important to all of us.

 

Don’t miss any event news! Sign up for any (or all) of our e-newsletters HERE and engage with us on TwitterFacebookLinkedIn & Instagram! 

Add new comment

Partner Voices
Overview: The award-winning Orange County Convention Center (OCCC) goes the extra mile to make every day extraordinary by offering customer service excellence and industry-leading partnerships. From their dedicated in-house Rigging team to their robust Exhibitor Services, The Center of Hospitality brings your imagination to life by helping you host unforgettable meetings and events. With more than 2 million square feet of exhibit space, world-class services and a dream destination, we are committed to making even the most ambitious conventions a reality. In October 2023, the Orange County Board of County Commissioners voted to approve allocating Tourist Development Tax funding for the $560 million Phase 5A completion of the OCCC. The Convention Way Grand Concourse project will include enhancements to the North-South Building, featuring an additional 60,000 square feet of meeting space, an 80,000- square-foot ballroom and new entry to the North-South Building along Convention Way. “We are thrilled to begin work on completing our North-South Building which will allow us to meet the growing needs of our clients,” said OCCC Executive Director Mark Tester. “As an economic driver for the community, this project will provide the Center with connectivity and meeting space to host more events and continue to infuse the local economy with new money and expanding business opportunities.” Amenities: The Center of Hospitality goes above and beyond by offering world-class customer service and industry-leading partnerships. From the largest convention center Wi-Fi network to custom LAN/WAN design, the Center takes pride in enhancing exhibitor and customer experience.  The OCCC is the exclusive provider of electricity (24-hour power at no additional cost), aerial rigging and lighting, water, natural gas and propane, compressed air, and cable TV services. Convenience The Center is at the epicenter of the destination, with an abundance of hotels, restaurants, and attractions within walking distance. Pedestrian bridges connect both buildings to more than 5,200 rooms and is within a 15-minute drive from the Orlando International Airport. The convenience of the location goes hand-in-hand with top notch service to help meet an event’s every need. Gold Key Members The OCCC’s Gold Key Members represent the best of the best when it comes to exceptional service and exclusive benefits for clients, exhibitors and guests. The Center’s Gold Key memberships with Universal Orlando Resort, SeaWorld Orlando and Walt Disney World greatly enhance meeting planner and attendee experiences offering world-renowned venues, immersive experiences and creative resources for their events. OCCC Events: This fiscal year, the OCCC is projected to host 168 events, 1.7 million attendees, and $2.9 billion in economic impact.  The Center’s top five events during their 2022-2023 fiscal year included:  AAU Jr. National Volleyball Championships 2023 200,000 Attendees $257 Million in Economic Impact MEGACON 2023 160,000 Attendees $205 Million in Economic Impact Open Championship Series 2023 69,500 Attendees $89 Million in Economic Impact Sunshine Classic 2023 42,000 Attendees $54 Million in Economic Impact Premiere Orlando 2023 42,000 Attendees $108 Million in Economic Impact