How Secure is Your Event Data?
From 25 May 2018, the European Union’s new guidelines on data protection will come into force. The General Data Protection Regulation (GDPR) is designed to give EU citizens more control over the way their data is used, replacing laws written well before cloud technology and data collection were commonplace.
What is the GDPR?
The regulation brings together the distinct laws of 28 EU member states into one, much clearer regulatory environment. It marks a sea change in the way personal data is handled, with some pretty significant implications for events professionals.
Under the new law, events organisers will have to make slight alterations to the way they engage with their guests. From now on, they will have to ask their attendees’ permission to store and use their data, inform them if there have been any data breaches, and provide digital copies of private records to their attendees upon request.
Another important development is the ‘Right to Be Forgotten’. This is significant, as it now gives customers ultimate control over the data. From now on, a guest can request that an event provider delete their data and stop sharing it with third parties at any point.
Why is cyber security important?
These days, data is currency. Personal data helps companies, advertisers, the government, and criminals learn more about customers and citizens. Keeping it secure is vital. Any breach could lead to names, addresses, or bank details falling into the wrong hands. For events planners, who are potentially handling data belonging to hundreds of guests, cybersecurity should be of paramount importance.
If you’re being lax with the data you have stored for your event, you could risk exposing your attendees to credit card fraud, identity theft, or ransomware, which holds your data hostage until a ransom is paid. The news is filled with stories of high-profile hacks and data breaches; recently, the NHS was targeted by such an attack, using the ‘WannaCry’ malware program. Although these large-scale hacks are the ones that make the headlines, events are just as ripe for exploitation.
Individual data breaches cost UK organisations an average of £2.48 million. Although attacks by malicious criminals and insiders are typically more damaging than negligence, the enormous cost of repairing the damage should highlight the need for diligence when dealing with sensitive data. Not only will it cost time (an average of 191 days to identify and 66 to contain) and money to fix, but events organisers also risk large fines for their companies if they fail to protect their guests’ information from breaches.
What can Eventprofs do?
With a renewed focus on data protection, it’s probably time that event organisers thought about what they’re already doing to keep their guests’ data secure. Doing so certainly lends credibility to events professionals in an industry increasingly defined by technology.
The first step is to consider how you’re dealing with the data you already have. For instance, have you been putting private and sensitive data in emails to third parties? A recent study has suggested that 65% of professionals have sent event data to contacts outside their department. This is potentially dangerous behaviour: it’s vital to share only what is necessary.
It’s also important to know the difference between ‘personal’ and ‘sensitive’ information. EU data protection regulations demand that ‘sensitive’ information — i.e. religious and racial background, political opinion, and mental and physical health — should be given extra protection. If your event makes use of this data, try to avoid sharing it.
There are a few quick fixes for data security, such as keeping your computer systems regularly updated, ensuring all your staff have unique, secure passwords, and maintaining backups of sensitive information to make sure it doesn’t go permanently missing. In some cases it might be wise to delete any data that’s no longer needed, and keep as much of what you do need anonymous, if possible.
The most important thing, however, is to find out whether your event technology provider is prepared for the GDPR, and whether they are already fully compliant with the relevant existing UK and EU regulations.
Ensuring Data Security
The most important thing, however, is to find out whether your event technology provider is already up to date on current UK and EU regulations. It’s also worth finding out if they are prepared for the GDPR, to avoid any compliance issues down the road.
Security is one of Eventogy’s selling points. High-profile banks and magic circle law firms trust our software to securely and safely handle their event data. Eventogy’s security is regularly independently tested, to ensure it meets the very highest industry standards. It’s important for events managers in all industries to spare a thought for data security: without the right management system, you could be putting hundreds of your customers at risk.