GDPR: A Trade Show Perspective

May 15, 2018

Chris Eisenberg

In addition to his duties as Executive Vice President of Sales & Business Development, Chris Eisenberg serves as Bartizan Connects’ in-house attorney specializing in Data Compliance. Chris advises companies on how to navigate the new data protection and privacy laws to ensure that they are compliant. 

As most of you know from the countless reminders online, the GDPR is the focus of much concern in the trade show industry.

What is the GDPR and why is it relevant to you? The General Data Protection Regulation is a regulation in the EU law on data protection and privacy. The aim of the GDPR is to give more protection to an individual’s data in the digital age. In the trade show industry, the focus will be on the collection and processing of attendee data. And yes, even if you are a U.S. company, this regulation will likely affect you.

If you do business with a company based in the EU or would like to in the future, this regulation will directly affect you. And even if you don’t do business in the EU, if you do business with a company that does business in the EU, this will likely affect you as well. 

The GDPR regulations can be broken down into two main categories: Privacy and Data Protection/Security.

The privacy section of the GDPR covers how a company who has legally obtained access to an individual’s data handles that information.

The data protection/security section of the GDPR covers how a company who has legally obtained access to an individual’s data protects that data from others.

Privacy

To begin with, there must be a lawful basis for processing an individual’s data. It may be necessary to fulfill a contract, fulfill an obligation, other legitimate interests or consent.

Let’s look at consent for a moment. The GDPR states that the consent must be explicit for both the data being collected and the purposes the data will be used for. So, when an attendee registers for an event, the show producer must be explicit in what data is being collected and how it will be used and the attendee must explicitly consent. If the attendee does not explicitly consent they are deemed to have opted out of their data being collected. The attendee can also opt out at a later date.

The consent issue is a key one for Bartizan, as our lead retrieval and session tracking apps were created to capture an attendee’s data, with their consent, of course. So, this is something that we have worked closely with our show producers in the EU on. Here’s what we recommend:

  1. The attendee is told, during the registration process, that their data will be collected by exhibitors for the purpose of marketing/selling their product to the attendee. It may also be collected by the show producer to track sessions and award CEU/CME credits. The attendee must explicitly consent to this.
  2. If the attendee does not explicitly consent, they are assumed to have opted out. If they do not consent, the barcode on the badge will reflect this.
  3. Signage in the exhibit hall will remind attendee that if they allow their badges to be scanned, exhibitors will collect data.
  4. If the attendee allows their badge to be scanned by an exhibitor or to enter a session after being informed of what it is being used for, then this is the explicit and knowing consent that the GDPR requires.

An individual also has several other important privacy rights. They have the RIGHT OF ACCESS, which gives them access to their data and to see how it is being processed. They also have the RIGHT OF ERASURE, which allows them to request that their data be removed. If there is a data breach, the individual must be notified within 72 hours of the data breach.

Data Protection/ Security

THE GDPR speaks of Data Protection by Design and Default. Data protection should be designed into the business process, program or app so that the data protection is there by default.

In analyzing data protection, I find that article 32 of the GDPR is also very important to consider.  Article 32 states, in part: "the controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk." So, the level of security will be much greater for data that contains credit card numbers or social security numbers than it would for data that just contains name, email address and phone number.

So what is required? Encryption of the data would seem to be the very minimum required, with both the encryption key and the data in the control of the data owner only.

Beyond that, it will depend on a variety of factors, including the type of data, as discussed above, and how the data is being used. And, as hackers discover new ways of stealing data, new counter measures will be required by GDPR as well.

Securing attendee data will be a dynamic, evolving field and GDPR requirements will evolve as the technology evolves.

Perhaps as a way to help companies keep up with this, the GDPR also requires data governance to supervise the use and protection of the data within each company. This data governance can range from an internal Information Governance (IG) team to a dedicated Data Protection Officer whose sole job is to monitor the use and protection of the data.

The GDPR goes into law on May 25th. And even if you aren’t doing business in the EU, it’s very likely that similar laws will pass in the US eventually, as well they should as data protection and privacy of our data will remain important to all of us.

 

Don’t miss any event news! Sign up for any (or all) of our e-newsletters HERE and engage with us on TwitterFacebookLinkedIn & Instagram! 

Add new comment

Partner Voices
One of the most iconic names on the Las Vegas Strip just got an upgrade. Mandalay Bay has everything that your business needs from a refreshed convention space designed to inspire productivity and creativity, to an impressive selection of world-class restaurants and amenities. If you're looking for a venue that's both inviting and innovative, you have to be here. New Wave Experiences Mandalay Bay continues to invest in a new wave of enhancements both in the convention space and within the resort as a whole. New restaurant openings including Orla by Michael Mina, drawing inspiration from the award-winning chef’s childhood in Egypt and with flavors and décor inspired by the spices found in markets common to coastal Mediterranean towns, as well as Caramá by Wolfgang Puck, bringing the essence of Italy and spirit of Wolfgang into one concept, are recent additions. The Four Seasons Hotel Las Vegas also experienced a recent remodel of all 424 rooms. Swingers, a high-end, adults-only golf and entertainment concept will debut in Fall 2024. Enhanced Technology Creating a truly effective conference venue requires careful thought into what a business needs: the right technology, capacity, and inspiration to bring ideas to the next level. As part of the resort’s refresh, Mandalay Bay implemented state-of-the-art technology upgrades, installing cutting-edge Cat6A Ethernet cabling throughout the convention center. This advancement doubles the frequency of data transmission, enabling lightning-fast speeds up to 9400% faster. The convention center now boasts 11 dynamic digital walls, spanning up to 24' x 13', strategically positioned for brand placements, sponsorships and targeted event messaging. Additionally, attendees can benefit from 20 double-sided 55" mobile flexible display units, facilitating effortless navigation to meeting rooms and events. RFID locks were installed on all meeting room doors, and over 200 motion detection cameras have been placed throughout the space. Refreshing New Design & Fine Art The newly remodeled convention space provides a bright and vibrant atmosphere that complements Mandalay Bay's tropical-inspired brand. Featuring white-washed walls and ceilings adorned with bold floral patterns in cerulean and coral tones, the space is complemented by warm walnut accent walls. In addition to the redesign of all pre-function spaces, meeting rooms and ballrooms, Mandalay Bay's 1 million square feet of exhibit space has undergone a rejuvenation, including new paint, covered pillars and relocated strobe lights. Sustainable Spectacles Mandalay Bay is committed to Focused on What Matters and creating more responsible meetings. Refillable water stations all available around the resort, cutting unnecessary plastic usage from single-use bottles. The Mandalay Bay campus’ recent upgrades represent a bold step forward in redefining the Las Vegas experience. With a focus on innovation, sustainability, and unparalleled service, Mandalay Bay sets a new standard for excellence in business hospitality. Whether you're seeking cutting-edge conference facilities, world-class dining options, or simply a luxurious retreat, an unparalleled meeting experience awaits.