Email the editor

Quick fines will follow new EU data laws after May deadline, say experts

New regulations will impact every member of supply chain in the industry, including the client.

Pictured: The panel, moderated by CAT Publications' Martin Lewis, included (L to R) Bruce Smith chairman of NorthPointe Management Group, David Chalmers of CVent, Nigel Bywater MD of Engaged'Em and Paul Miller MD of DMC Spectra

"The Information Commissioner’s Office (ICO) is staffing up to implement new EU data laws and they are looking to get some quick wins in terms of fines,” according to CVent senior marketing director David Chalmers.

He warned industry professionals that while the EU’s General Data Protection Regulation (GDPR), which comes into force in less than four months’ time, may be aimed at big digital multinationals, it will be quicker and easier for the ICO to prosecute smaller outfits first. He said: “Staffing up is going to add cost and they will be looking to raise revenue through fines as quickly as possible”.

The warning came at a seminar on the subject of GDPR at Simpsons at The Savoy, organised by the UK chapter of the Society of Incentive Excellence (Site) when delegates were told by another speaker, Bruce Smith, chairman of NorthPointe Management Group, that being GDPR compliant would be a prerequisite of Requests for Proposals (RFPs) so being non-compliant is not an option. Nigel Bywater, MD of Engaged’em, and Paul Miller, MD of DMC Spectra, said the new regulations will impact every member of supply chain in the industry, including the client.

And, being caught in breach of the regulation is not an option either, when the fines can be up to 4 per cent of turnover or €20 million! The GDPR comes into effect on May 25 and attendees were advised to shape up and be ready with policy statements and processes before that time. A fundamental target for the events industry will be the common practice of sharing data via rooming lists or flight details by email – no longer acceptable unless encrypted.

Smith told delegates that privacy policies have to be clear and unambiguous. For a full explanation of the requirements of GDPR go to

Facebook Share Twitter Share LinkeIn Share