In his monthly column, David Chalmers, senior marketing director – Europe at Cvent says there might be grey areas of GDPR but let’s embrace the opportunities too.
Over the past few months, there’s been one word (or strictly speaking an abbreviation) we’ve been hearing a lot about. Yes, GDPR or the General Data Protection Regulation will transform how the events industry will collect, store and process personal data when it comes into effect on 25 May.
You’d think given all the media exposure to date around the regulation, there wouldn’t be much left to say. Yet I know first-hand from a recent webinar Cvent ran for more than 2,000 event professionals there are still many questions that remain unanswered for them – what I would call the grey areas of GDPR.
Take the issue around informed consent. GDPR requires event organisers to obtain consent from attendees to process (store and use) their personal data and explain how it will be used. Consent must be given freely by the individual, so methods to gain consent must be specific, informed and unambiguous. Forced consent mechanisms such as pre-ticked boxes or opt-outs will be no more.
So, when it comes to trade show exhibitions, how will the new regulations affect the collection and exchange of business cards or the scanning of badges? Attendees can already manually control whether they give consent by not allowing an exhibitor to scan their badge or withholding their business card. GDPR brings about some interesting propositions. Perhaps we’ll now see badges with encrypted QR codes – with data transferred only to specific exhibitors and consented to parties.
Then there’s the issue of business cards. How do you prove consent with an exchange and no written contract? The simplest way is to keep a record of where and when the exchange was made, but remember to also confirm and record what they consented to. If they just asked you to send them some follow up information on the subject you discussed, that doesn’t mean you can then store their data for future use for other purposes.
If you want to be really safe, you could follow up with an email to obtain consent before adding information to the database for future campaigns or sending them different information later? The last thing you want is to get caught out with the: “I don’t remember giving you my card why are you contacting me” line. Again, this is why record keeping is vital.
Issues of Consent
Trade show organisers typically purchase or utilise existing mailing lists from past events to market the event. GDPR changes the dynamics of this process; ideally you should get consent for all of your contacts and the best way to do this could be with a campaign for the upcoming event where you also ask for consent during registration.
If data is gained from third parties organisers need to know their processes for gaining consent aligns with the new regulation. It won’t be enough to leave it in the hands of someone else, as you are responsible for confirming this with your suppliers, and should audit any contracts with those who process personal data for you. Do your due diligence and keep direct records.
If you don’t have explicit consent from someone to store their data, an alternative reason you can use is legitimate interest, if you believe you have a genuine reason to process their data for a specific purpose. The challenge here is proving what constitutes a ‘legitimate interest’ for the subject. If someone attended an event the previous year and the same event is being hosted again a year later then you might decide to store their data and send an invitation as there is foundation for legitimate interest based on former attendance.
But is this enough? Ultimately it is your decision and you should confirm with your company expert or get legal advice to know what makes sense for your event.
Let’s see the opportunities too
For all the current confusion in the run up, I do believe there are some exciting opportunities we should also be embracing. Marketing attitudes are already changing and set to change further. Arguably for the better as IT and sales and marketing teams work cohesively to fall in-line with GDPR regulation.
Event marketing techniques are set to become more inbound focused. More creative strategies and content will be implemented on different channels to spark attendees’ interest and bring them to the table. Marketers will need to change their thinking; shifting their approach from pushing content to creating content to engage individuals enough for people to seek out their companies.
Overall digital marketing processes will be even more focused on the value for the recipient, and the shift to more inbound and permission based marketing offers databases of people unquestionably interested in your products, services and events.