WHAT IS GDPR?
The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). The main difference is that the regulation will put more onus on organisations for seeking and recording permission, being transparent about what, how and for how long data is stored and used. It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
The General Data Protection Regulation is due to come into effect on 25th May 2018 and will affect all organisations that hold data on individuals. The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.
Please Note: All data provided by Engage Business Media due to GDPR is REQUIRED TO EXPIRE at 23:59 BST on 24th May 2018.
PREPARING FOR GDPR
As a responsible and professional business media company it is imperative we understand and keep up to speed with the new rules and obligations as and when available, we take GDPR very seriously and are actively putting steps in place to ensure our data is compliant.
At the moment, the full details surrounding the new regulation and its impact on the industry are not clear but the Live Events Promotion Group (formerly the FaceTime Working Group) will be working with ICO to provide guidance for event organisers as further information becomes available.
This is a living document and we are working to expand it in key areas.
ENSURING WE CAN
- Easily locate and amend/delete contact details easily and inform third parties to do the same.
- Privacy notices remain accurate and up to date with latest GDPR requirement.
- Individuals have access to their personal data so that they’re aware of and can verify the lawfulness of the processing.
- Information if requested is provided without delay within a month of receipt and free of charge.
- Immediately analyse any complaint regarding how information is used and provide a full explanation regarding the use of their information, source and relevance to a use or marketing purpose.
- Individuals are entitled to have personal data rectified if it is inaccurate or incomplete.
- Clearly inform an individual and provide the right to decline when data is being shared with third parties.
- The ‘right to be forgotten’ enabling an individual to request that personal data is deleted or removed.
- To stop processing data if an individual contests the accuracy of the personal data, processing will stop until the verification and accuracy of the data is approved.
- To provide data in a structured, machine readable format such as a CSV files.
- Stop processing data as soon as an objection is received
- To deal with an objection at any time and free of charge
- Inform individuals of their right to object in privacy notices and at point of first communication.
Data to be deleted from the database when:
- Where data’s no longer necessary in relation to the original purpose it was collected for.
- When the individual withdraws consent.
- When the individual objects to the processing and there’s no valid reason for continuing.
- The personal data was unlawfully processed (a breach of GDPR).
- The data has to be erased to comply with a legal obligation.
- If data is disclosed to third parties that is subject to an erasure request to contact third parties regarding the data and request for deletion.
DATA COLLECTION CONSENT
The GDPR sets a high standard for consent. Doing consent well puts individuals in control, building customer trust and engagement which enhances reputation.
- Offering individuals genuine choice and control.
- Requesting a positive opt-in, not a pre-ticked box or other method of consent by default.
- A very clear and specific data opt-in statement.
- Name any third parties who will rely on the consent.
- Make it easy for people to withdraw consent
- Keeping evidence of consent (who they are, when the provide their details, how they provided them and who they may have been shared with.
- Always review and refresh consent statements as and when anything changes.
- Avoid making consent a precondition of a service.
RESPONSIBLE DATA PROCESSING
Engage Business Media is making preparations for the changes. Further information will made be available as necessary on the progress towards ensuring that Engage Business Media is ready for the new rules coming into force on 25th May 2018.
- Further information and overview of GDPR visit: www.ico.org
The Data Protection Act 1998 requires every organisation that processes personal information to register with the Information Commissioner’s Office (ICO):
- Registration Number: ZA257892
- Data Controller: Engage Business Media
DESCRIPTION OF PROCESSING
We process personal information to enable us to produce and distribute printed material, promote our services; maintain our accounts and records; to support and manage our employees. We also process personal information in the course of selling, hiring or exchanging it.
We sometimes need to share the personal information we process with the individual themself and also with other organisations. Where this is necessary we are required to comply with all aspects of the Data Protection Act (DPA). It may sometimes be necessary to transfer personal information overseas. When this is needed information is only shared within the European Economic Area (EEA). Any transfers made will be in full compliance with all aspects of the data protection act.