How Europe's data protection law (GDPR) might impact business conferences and conventions

computer keyboard with red key labeled Data Protection

CNBC News explained that a new European Union (EU) data law known as the General Data Protection Regulation (GDPR) will become effective at the end of May 2018 and will impact not just EU organizations, but global companies with customers and businesses in Europe as well.

The GDPR will replace the current Data Protection Directive and is intended to put the control of personal data gathered by companies back in the hands of consumers, CNBC News reported. Since the go-ahead was given in April 2016 to pass this new regulation, organizations across the 28 member nations of the EU have been expected to update policies to meet the new standards. After the end of June 2018, any business that fails to comply with the new rule may be subject to fines of up to 4 percent of total global turnover or 20 million Euros, which is $24.6 million USD.

New regulations for businesses

CNet reported that it has been almost a decade and a half since the last set of data regulations were put in place and the new GDPR means big changes. Among the modifications is a company's duty to inform users and consumers of a data breach within three days time, more clearly identify and expand what personal data consists of and newly define rules for those in charge of handling the data. Overall, the regulation is streamlining regulations for how all businesses and organizations should manage Europeans' personal data. 

If your business has roots in the EU, regularly hosts meetings in the region or regularly invites EU citizens to attend events and conferences, compliance with the GDPR is crucial. Tech giants and social media platforms have been at the top of conversation regarding the new regulation, especially Facebook, CNet reported. Facebook has already announced plans to step up its privacy settings.

Business meetings and events

Since the new regulation applies to the personal data of all EU citizens, the meeting industry will have to practice extra caution as there is such a high amount of data handled in this sector, Skift reported. From names, ages and addresses to food preference, birthdays and travel information, there is a lot of personal information that meeting holders typically gather from event attendees. That means U.S. companies and meeting holders must also be in compliance. This is true for when meetings or events are held in the EU or in any other location where an EU citizen is present.

According to Cindy Fisher, senior vice president and global head for CWT Meetings & Events, early reports have revealed that most won't be prepared for the new regulations.

"A number of myths still surround GDPR principles and how they should be interpreted and implemented," Fisher said. "It's still a very new subject or way of approaching data protection for most U.S. companies; the learning curve is steep."

While some organizations have been working on modifying practices since the piece of legislation was passed in 2016, many are still scrambling to get on board.



The information contained here is provided by Brafton. AIG Travel assumes no responsibility for the use, accuracy, or interpretation of the information contained herein.