GDPR & Akkroo
On 25th May 2018 the General Data Protection Regulation (GDPR) comes into force. GDPR is big news for the events industry, where vast quantities of personal data is collected in a variety of ways.
In light of these new regulations, we’ve created this page to set out our commitment to the GDPR, and share the steps we’re taking to ensure compliance with the GDPR by 25th May.
What is GDPR?
The GDPR legislation is a new set of rules on data handling and processing for the digital age. It’s aimed at enhancing the protection of EU citizens’ personal data and increasing the obligations of organisations to deal with that data in transparent and secure ways.
The GDPR is an EU law that determines how any organisation must treat the personal data of any EU citizen. It applies not only to EU-based businesses, but also to any business that controls or processes data of EU citizens. It doesn’t matter where your business is based – if you’re dealing with customers in the UK and the EU, you need to ensure compliance with these regulations.
What about PECR?
The Privacy and Electronic Communications Regulations (PECR) sit alongside the Data Protection Act and the GDPR. They give people specific privacy rights in relation to electronic communications.
There are specific rules on:
- marketing calls, emails, texts and faxes;
- cookies (and similar technologies);
- keeping communications services secure; and
- customer privacy as regards traffic and location data, itemised billing, line identification, and directory listings.
How GDPR & PECR will affect the events and trade show industries
In the events industry, a huge amount of personal data is collected and passed around in various ways. Everyone involved with the events industries is likely to feel the effects of the GDPR – from event organisers to attendees.
To clarify, we’re going to focus our comments here on how event exhibitors will be affected by the new regulations.
For the majority of event and trade show exhibitors, their primary goal is to capture leads by collecting contact details of event attendees. GDPR & PECR will have a profound impact on the way businesses can capture, process and follow-up with leads during and after an event. For event lead capture, there are two major considerations for gathering data in a way that complies with both the GDPR & PECR:
- Consent — attendees need to give clear, explicit consent for you to contact them. This needs to be opt-in, rather than opt-out.
- Purpose — exhibitors need to provide clear information to attendees about why they need this data, what it will be used for, and how long they will store it for. It’s no longer enough to say "we’ll use your data for marketing purposes"; you need to be specific.
One thing it’s important to note is that the GDPR covers all personally identifiable information – so business email addresses and phone numbers are covered under this legislation.
What is Akkroo doing to comply with the GDPR?
At Akkroo, our entire organisation is hard at work ensuring that our own practices are GDPR compliant. In the UK, we are registered with the ICO (Information Commissioner’s Office) as a data processor, and we have spent a lot of time consulting with legal experts about GDPR and how to handle data in a compliant way.
To ensure we’re ready as an organisation, we have done the following:
- As a Leadership team, created an internal strategy for GDPR compliance
- Appointed a Data Protection Officer
- Communicated with our entire organisation the responsibilities and requirements of GDPR
- Conducted a thorough internal audit of all aspects impacted by the GDPR of both the Akkroo platform and systems we use for processing customer data
- Established clear guidelines between Akkroo and any sub-processors
- Documented all types of personal information we hold, the source of that information, how it is stored and for how long
- Implemented changes to several internal processes around sales and marketing activity
How using Akkroo will help our customers comply with GDPR when collecting leads at events
It’s important to us that we help our customers understand what GDPR means for their businesses and build compliant lead capture processes of their own. This means we’ve put a lot of work into ensuring that the Akkroo Event Lead Capture solution sets you up to comply with the GDPR when capturing leads at events.
Akkroo’s solution operates in a way which naturally helps you work towards being compliant with the requirements of GDPR (and in turn, PECR). Of course, there are no silver bullets to compliance, but we can help you ease the load for a significant part of that journey.
Different organisations use event lead capture forms in different ways, and as a result customise the forms to suit their own business requirements. It’s important that you double-check your forms to ensure you are asking the right questions, securing consent, and providing the right information to comply with the GDPR.
Features in the Akkroo app and dashboard that will help you comply with GDPR include:
- The ability to add your own privacy statement & terms and conditions in a pop-out window, that leads can view before submitting their details in the Akkroo app. This means you can provide specific information about what you are gathering attendees’ details for, and what they will be used for in the future.
- The ability to gather explicit opt-in consent during the lead capture process.
- Send an immediate follow-up email, confirming with the attendee how you got their details, requesting a double opt-in (if appropriate) and providing instructions on how to request the removal of their data from your systems.
- Lead data captured through the Akkroo app is automatically associated with a specific event, date and time-stamped together with a record of who in your business collected the information, so for audit purposes you know exactly when, where and by who that lead was captured.
Akkroo’s commitment to helping our customers with GDPR
We are fully committed to developing the Akkroo Event Lead Capture solution to make it easy for event and trade show exhibitors to comply with GDPR when collecting leads at events. We are working closely with our customers to help them adopt event lead capture best practice, and help them maintain compliance with GDPR.
Want to learn more about GDPR?
For more information on how GDPR will affect the events industry, and how you can get ready to exhibit at events attended by EU citizens after 25th May 2018, check out the website ‘GDPR for Events’.