As the countdown continues to the GDPR, event profs need to prepare, says Hellen Beveridge, head of strategic insight at Circdata.
The events industry is no stranger to new legislation, but nothing that has gone before will have such far-reaching consequences as the impending General Data Protection Regulation (GDPR).
More than a few organisers seem to have been caught completely unawares, even though the changes were announced as long ago as December 2015.
Despite Brexit, the UK will be bound by the regulation from 25 May 2018, and even after we leave the EU it’s unlikely that the government will unpick much of the legislation when it formulates new data protection laws.
The proposed regulation on privacy and electronic communications should also be on the radar, particularly for organisers of consumer shows and those companies that are already taking advantage of more sophisticated digital techniques like geofencing and proximity marketing.
While the general principles of the regulation are clear, there is still uncertainty around some of the finer details, like issues of retrospective application and third party permissions.
Industry associations like the direct marketing association (DMA) are making plenty of noise around the more restrictive aspects currently proposed and we must hope that common sense will prevail to create workable solutions.
What GDPR does give event organisers is a one-off opportunity to take a disciplined look at what data is held, why it is held and what the intended use is.
It should be a formidable tool that can be used to accelerate customer service and marketing efforts from a properly structured, live database.
Quality will become far more important than quantity, with knowledge about behaviour driving content-rich, automated marketing campaigns that draw potential visitors in and turn them into brand advocates.
Providers of CRM systems have been quick to jump on the bandwagon, seeing an opportunity to access a whole new group of marketers, many of whom still rely on manual manipulation of data held on Excel spreadsheets.
Off-the-shelf CRM systems are not necessarily the right solution for event organisers who often have complex demographic information to manage.
The Association of Event Organisers (AEO) has advised its members to undertake an internal data audit – but what exactly does that look like? You need to start by understanding what the definition of personal data is, and get someone on your organisation to take responsibility for it.
Next you need to know who has access to this data, where they are storing it, and what they are doing with it. You also need to identify any potential risks so that you can create mitigation plans.
If, after this process, you discover that you have a lot of undefined, unprotected data and that it has been spread far and wide across servers and individual computers, you need to work out how you are going to consolidate and secure it.
Once you have done this you need to go through the process of erasing the data from everywhere else.
There will be howls of protest from those who are used to personally handling data. But your audit should illustrate that there’s little need for anyone to see individual records. A well-constructed database will have the interrogation tools you need for analysing your data without the need for export.
You don’t need to see which individuals opened an email in order to do a retargeting campaign, nor do you need to download a database to count attendees from EC1. It will be a brave new spreadsheet-less world, but one that will empower, rather than encumber, marketing efforts.
GDPR charges every organisation to establish excellence in their data handling practices. It will be painful in the short term, but the future benefits of data discipline and good habits are likely to be reflected in higher quality marketing, higher quality audiences and higher quality events.