GDPR - Are You Ready?

Every so often noteworthy buzzwords pop up in the industry – for 2018 and especially for MAY 2018 - it will be “GDPR”.  As the enforcement deadline to become GDPR, EU Global Data Protection Regulation, compliant begins to close in, event organizers are scrambling to ensure compliance.

GDPR – What Is It?

Global Data Protection Regulation was adopted by the EU Parliament in April of 2016 to “harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.On May 25th, the GDPR enforcement period begins!  GDPR addresses some of the key items such as: improving personal data privacy, providing additional controls and notifications for “data subjects” (i.e. people), creating clear and transparent policies and improving how organizations approach privacy data.

Who Does GDPR Affect?

GDPR affects any company or organization holding or processing data of ALL EU citizens or residents. And in today’s economy, this impacts organizations around the globe.

What Should Ai Clients Be Doing to Prepare

Ai recommends all clients educate themselves, their staff and third party providers with the GDPR Policy.  Ai also suggests that clients inquire with their vendors on their GDPR readiness.  Listed below are several different themes to assist your inquiries.

Privacy By Design – Organizations should put security as its number one priority.  Security must be an integral part of an organization’s daily work flow and not just a policy and procedure document.  Ask providers for policy statements and staff education.

Breach Notification – Organizations have 72 hours after a data breach to notify their users and the supervising authority. Ask providers for their breach identification and notification plans.

Consent – Attendees must provide consent to collect their personal data.  And providers need to explain how their personal data will be used. Ask providers for consent statements and implementation plans.

Access – Organizations must permit attendees to access and change their personal data.  Ask providers to demonstrate how data subjects can access and change their data.

Right To Be Forgotten – At any time, attendees can request to have their personal data removed.  Ask providers how they will handle deletion requests.

Data Portability– Attendees can request an export of their data in a digital format. Ask providers to explain and demonstrate how they will fulfill these requests.

How is Ai preparing for GDPR

Ai began GDPR preparations many months ago and are have always put our client’s data security at the forefront of Ai-Platforms design and support.  We are actively updating and changing policies, procedures, and Ai-Platforms to ensure as a ‘GDPR Processor’ we are prepared to help our client’s GDPR compliance. Our official GDPR Policy can be found HERE.

Privacy By Design – As a PCI DSS Compliant Corporation we have been performing security audits, scans and staff education.  Ai has performed a comprehensive data audit and updated our policies and procedures for GDPR compliance.  All Ai staff are required take a GDPR E-Learning course to ensure all employees understand the importance of GDPR and data subject’s privacy rights.

Breach Notification – Ai implemented a breach notification policy as part of our PCI DSS compliance several years ago. This policy has been updated to reflect the new GDPR requirements.  Additionally, Edge Hosting, Ai’s hosting provider, utilizes several layers of security and state of the art intrusion detection systems to help prevent breaches before they happen.

Consent – We are coordinating with our clients to update and implement consent policies in adherence with their GDPR efforts.

Access – Our technology platforms have always put attendees in direct control of their data.  We are currently updating our existing policies so attendees know they have direct control to alter or update their personal data or to be informed of the data use.

Right to Be Forgotten – Ai is implanting an easy to use utility to permit our client’s to ‘forget’ appropriate personal data through an easy to use action. Additionally, in the coming weeks clients will see a new tool to identify data to remove and can work with their Project to adjust.

Data portability – Ai is implementing an export to permit clients to provide a data subject with their data that was collected.

As we head into the home stretch before GDPR enforcement begins please watch for more information, tips, and tricks.  If you have 5questions pertaining to your site please contact your PM.  If you would like to discuss how Ai could assist your company with becoming GDPR compliant please contact Amy@Attendeeinteractive.com