GDPR- A Trade Show Perspective
GDPR has takes the trade show industry by storm. It’s actually a thing of much concern as it has prevented the trade show companies from collecting the personal data of EU residents. GDPR stands for The General Data Protection Regulation and its real aim is to give more protection to an individual’s data in this modern world.
This law is mainly going to affect companies based on the US. This regulation states that If you do business with a company based in the EU or would like to in the future, this regulation will directly affect you. And even if you don’t do business in the EU, if you do business with a company that does business in the EU, this will likely affect you as well.
The GDPR regulations can be divided into two categories:
- Privacy Protection/Security
- Data Protection/Security
Let’s take a look at the consent for a moment. It states that the consent must be explicit for the data that are collected and the purpose for which it is being used. So, when a person registers for an event it must be such that the event organizer is explicit of the data being collected and how it will be used. If the attendee does not explicitly consent they are deemed to have opted out of their data being collected. The attendee can also opt out at a later date.
The GDPR also speaks of Data protection by Design and default. Article 32 of GDPR states that “the controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.” This means the level of data security will be much higher as it contains credit card numbers and social security numbers too. Encryption of data might be an obvious answer but the fact that encryption key is likely to remain with the data owner is likely to cancel out this option.
Beyond that, it will depend on a variety of factors, including the type of data, as discussed above, and how the data is being used. And, as hackers discover new ways of stealing data, new countermeasures will be required by GDPR as well.
Although, if you are not doing business in the US but it would bar you from acquiring the data of those attendees that will come from the EU to attend the trade show.