Email the editor

Audit ahead of GDPR changes, eventprofs warned

Meetings Industry Association (mia) breakfast seminar urges industry to properly sort through stored data

Events industry professionals have been urged to audit all data as a first step in preparing for incoming General Data Protection Regulations (GDPR), as the sector is labelled as hoarders.

The advice, from Hellen Beveridge at CircData, was issued to help the industry properly manage their data correctly and securely, and help filter out unnecessary information ahead of the implementation of the new laws in May 2018.

The new laws are aimed at safely guarding information stored about European Union (EU) citizen. Key factors of the new laws are ensuring the safe storage of personal data and consent.

Beveridge warned: "Particularly in event industry we’re very, very bad of getting rid of data we no longer need. We keep it forever and ever.

"We’re quite good at retaining information, but absolutely rubbish at destruction. It’s like a child with its toys.. 'no I can’t get rid of Sammy the snake'.

"Sales people especially love to have a big database and say 'oh we have to have 10,000 people on our database list. Well how many people do you call in a week? 10? I think there’s an opportunity there."

Beveridge was speaking at a breakfast seminar on the new GDPR changes, organised by the Meetings Industry Association (mia), at Bush House at King's College London.

She also warned against ambivalence towards hackers, saying any organisation was at risk regardless of its size.

"Recent research is that hackers are after little companies because they’re the least secure. They’re less likely to take it security seriously, less likely to upgrade their software," she said. "Serious hackers are after lots of little pockets of information that they can then put together and then sell on."

Email is also the most likely way of a data breach occurring. Beveridge explained: "If you're in the habit of sending out Excel spreadsheets by email that isn’t password protected, if there’s one thing you can take away from today, then it's to stop that. Any email you send out needs to be data encrypted.

"Emails are very, very leaky. Email is the least secure part of any organisation's security system, not part because it’s controlled by humans.

"A spreadsheet that is sent to the wrong person via email, something as simple as that is a data breach. If that breach isn’t rectified and if it presents a serious risk to individual’s concern, ie it contains passport information, that is risky… and you would have to report that breach."

Beveridge recommended all industry professionals take an online IDM course to familiarise themselves with GDPR.

Facebook Share Twitter Share LinkeIn Share