The 25th International exhibition of security and fire protection equipment and products
19-22 March 2019 • Moscow, Expocentre Fairgrounds, Pavilions 2, 8

GDPR: what you need to know

News
As exhibitors, communication is your lifeblood. You take part in ITE events to meet new business partners, give out business cards and company/product information, and set up deals and meetings for after the show, and, well, communicate with attendees. GDPR, a series of new laws changing the ways companies handle data, stands to change almost everything. These are exceptionally important, so let’s take a look at what these laws actually are – and how they affect you.
GDPR: what you need to know


What is GDPR? 

 

GDPR, or the EU General Data Protection Regulation, is a new set of regulations designed to replace the EU’s original data protection guidelines. 

 
Essentially GDPR means the way companies process individuals’ private data has changed. Consent is everything – cold calling, blind emailing, and generally using data without permission, is a thing of the past.
 
GDPR enters EU law from May 25 2018.
 

What is considered personal data under GDPR?
 

Personal data is any information related to a person that be used to identify them directly or indirectly. This covers everything from names, email addresses, phone numbers, and photos. Under GDPR, even things like social media posts, event photo badges, and business cards are deemed personal data.
 

What are the GDPR regulations?
 

At a basic level, everyone involved in marketing or data handling, must be aware of the following GDPR features:
 
Consent – This is the big one. Any business that is going to store and use a person’s data has to ask for that individual’s consent. They need to explain what they are going to do with the data, how long they plan to keep it, and document the process. 
 
Basically, this is what GDPR boils down to. You must, 100%, ask for a person’s permission to use their data from May 25 2018. Data may not be used outside of its intended use either. 
 
Right to access – Individuals will be able to submit Subject Access Requests (SAR) requesting all the data a company has on them. Businesses must be able to provide electronic copies of the data, explain how it is stored, and what the company uses it for.
 
Data portability – This is connected to an individual’s right to access, a person can also obtain and reuse their personal data for their own purposes across different service. Businesses will subsequently have to provide the requested data in an appropriate format.
 
Right to be forgotten – Individuals also have a right to be forgotten; able to request any company holding their data delete it and not share it with any third parties.
 
Mandatory breach notifications – Should any data breaches occur, businesses will have to inform the supervisory authority within 72 hours of first identifying the issue.
 
Penalties – Fines for failing to comply with GDPR can be up to four percent of a business’ global annual turnover or up to €20 million.
 

My business is not in the EU – does GDPR still affect me?
 

In short, yes. If you’re working with any EU citizen’s data, then GDPR still applies. It doesn’t matter where your company is located – even outside of Europe.
 
For instance, you’re a Russian company exhibiting at Securika and have met and networked with a German company. You’re planning to contact them after the show as a follow up, and want to collect email/phone numbers at the event. 
 
This is fine – but you must first explain what you’re going to do with their contact details, and get their express consent to contact them, before making your post-show comms. This can be as simple as a tick box on a form and some text explaining your data intentions, but you need to make sure you have their permission before getting in touch! 
 

How will GDPR change exhibitions?
 

As we mentioned above, things like business cards, email addresses, and phone numbers, are personal data. This is the details exhibitors are after at events like Securika, but you will have to ask visitors’ permission to use it directly – and explain what you want to use it for.
 
So, if you have contact forms, make sure you have clearly expressed what data you want, how you’re going to use it, and a box asking for that individual’s permission. That should cover you under GDPR. Your customer will a) know you have their data, and b) you’re using it to contact them at its most basic level.
 
Business cards also fall under GDPR’s umbrella. Tradeshow exhibitors collecting business cards, or scanning badges, must follow up with an email obtaining consent from the recipient before their details are added to any marketing databases.
 

How can I get ready for May 2018?
 

There are a couple of steps you can take to make sure you’re GDPR compliant by the May deadline:
 
Map your data – Companies should map where all of the personal data they receive/collect comes from, and document what they’re doing with it. Show where data is stored, who can access it, and see if there are any security risks.
 
Realise which data you need to keep/need – GDPR encourages companies to really think hard about what data they need. Have clear goals about what you’re looking for when exhibiting at an event. Do you need job titles, departments and so on? Or do you only need email addresses and contact numbers?
 
Change your documentations – Anything materials like contact forms need to explicitly detail what data you want, where/how you plan to use it, and options for individuals to give their permission for you to use their data. Make sure you do this prior to any show – especially if you’re expecting to meet EU companies.
 

GDPR: shaking up exhibitions from 2018 onwards
 

With May’s deadline approaching fast, you need to get ready for GDPR now. The consequences for not be compliant are massive, so it’s well worth getting everything ready for Securika this year.
 
Don’t get caught out. Simply follow the above guidelines, and you’ll be fine. For more information, be sure to visit the EU's GDPR page, which goes into depth on these new regulations’ impact.