If I had $5 dollars for every time the acronym GDPR has assaulted my weary eyeballs over the past 6 months, I could buy a vineyard in Napa Valley and discuss the complexities of Pinot Noir for my remaining days. The General Data Protection Regulation (that’s what the acronym stands for) is a brainchild of the European Union and comes into force on 25 May 2018, shortly after IMEX Frankfurt.
The fact that it’s an EU regulation, however, doesn’t absolve non EU entities from adherence. GDPR applies to organisations located within the EU and to organisations located outside the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. And it doesn’t matter where your company is located if you store personal data of data subjects residing in the EU.
You’re Head of Sales for a Hilton Cluster in New York City. You attend IMEX, Frankfurt and ibtmWorld, Barcelona, typically collect business cards from German and UK incentive agencies and upload them to SalesForce. GDPR applies to you.
You work in Industry Relations for a large third party organisation in a mid-western city in the US. You’ve an enviable database of supplier contacts based in Italy, France, Spain and Ireland. GDPR applies to you.
You’re a Media agency often brought in by end-user corporate or third party clients to “socialise” an incentive travel experience. You have gazillions of pictures from incredible motivational events in Berlin, Barcelona and Bordeaux. Most of the pictures feature qualifiers from North America but, inevitably, local guides, coach drivers, on-site crew, entertainers also appear in the pictures. GDPR applies to you.
It’s all to do with how “personal data” is defined and the definition is broad indeed. Any information regarding a person that could be used to identify that person is considered to be “personal data”. So it could be simply a name, a picture, an email address or posts on social media. And, the regulation doesn’t make a distinction between the private and the professional – a business phone number, address or email is considered to be personal data and, therefore, is subject to due protection.
There’s a rich source of GDPR related content already in circulation across the broad spectrum of the MICE industry. The SITE leadership and marketing team have been collecting and curating that content for some time and have created a Flipboard where you can both access the content and also add to it.
We encourage you to click through on the link – absorb the content, but also leave some too. That way our repository gets bigger and bigger and we have more and more to share.
We’re grateful to have our own GDPR expert at SITE – former SITE President, Paul Miller. Paul and his co-presenter, Bruce Smith of Tenex Analytics have delivered numerous seminars on GDPR and have agreed to be spokespersons on GDPR on behalf of SITE and the SITE membership. If you have any specific questions, you can contact Paul at firstname.lastname@example.org or Bruce at email@example.com.