GDPR: Towards a more ethical use of personal data in the event industry

shdw

Technology and society are evolving really fast. Digital transformation is “forcing” event companies to observe new customers’ behaviour, values and expectations and to use technology in ways that improve customer experiences. In order to offer such services, event organisers need something valuable from their customers: their data. Some customers might feel empowered by this customisation of services but others feel powerless as they do not know what happens with their personal data. It is clear that companies in general and event organisers in particular, must make an effort and communicate about the personal data they handle in a more transparent way. A good way to do so is to systematically inform customers about the type of data they collect and how they intend to use it.

The new General Data Protection Regulation (GDPR), the furthest reaching legislation ever on the use of data, is about to become a reality in the following months. Any company gathering and processing personal data of EU citizens will need to comply with the new Regulation by 25 May 2018 at the latest. But in today’s digital environment, compliance to the law is not enough, there is also an ethical dimension of data processing to be considered, as for example profiles used to predict customer’s behaviour potentially reinforcing stereotypes and social exclusion. However, as stated by the European Data Protection Supervisor, Giovanni Buttarelli, “privacy and data protection are part of the solution, not the problem”.

Data Protection regulation has been part of EU legislation already since 1995, but it is only during the last few years that it has become a hot topic. Why now? Many reasons can explain this, but one of them is clearly the exponential rise of the data mining capabilities developed by large companies, which can rely on an ever growing network of smartphones, devices and soon household appliances to collect the personal data of their users. The Internet of Things has entered our lives so deeply that we can hardly imagine how our life on the internet was ten years ago. Now in 2017, can we still pretend we can control our personal information? In fact, isn’t it too late already? It is clear that users’ trust is essential in this context. However, how can a company be transparent about highly technical and complex issues such as Big data? This is a relatively new phenomenon and users are only just becoming familiar with its implications and the possibilities such a technology offers. There are many questions that users are struggling with: How much is my data worth? Can my personal data be used against me? How can I have more control over the data I am sharing? These questions will need to be addressed if users are to entrust companies with their data. Hopefully, there are alternatives to put users back in control of the data they generate. User data could be stored on a users’ personal cloud service and access to parts of that data could be given upon the users’ explicit consent, with the right to terminate such access at any moment.

The GDPR and principles such as data portability and data ownership may be the right impetus for shifting power back to users. However, such a shift may come at a price. Until now, any company dealing with personal data would expect some kind of economic advantage, in the form of a marketing database, a commercial lead, advertisement benefits or simply information to be sold. Less data could have an impact on their business plan. In the best-case scenario, such companies will use the GDPR as an opportunity to improve a trust relationship with their contacts/customers. But other companies will maybe not be able to enforce GDPR as it is meant to be and will be forced to change their business model. Some services that were free could be charged for, and some companies could disappear if they cannot adapt to the new regulation.

It is often said that if something is free, you are the product. This certainly applies to the current situation. We are basically telling people to choose between selling their data to get “free” products at the cost of privacy, or taking back control of their personal information. These two behaviours will never cease to exist, and indeed the younger generation looks less worried about sharing their data, but the difference is that the legislation seems to have put the user, us, at the centre of the board. And this is encouraging.

Advertisements

Are you ready for GDPR? Short survey for event organisers

gdpr

As a student enrolled this academic year in the Executive Master in Event Management in IHECS Academy, I am conducting a research on the biggest challenges and opportunities for event organisers moving towards the European General Data Protection regulation (GDPR) compliance.

The GDPR will not make the work of event organisers easy next year. Any company gathering and processing personal data of EU citizens will need to comply with this GDPR by 25 May 2018 at the latest. Although there were data protection laws in place before, companies had little incentive to enforce them as the requirements were very basic and penalties for breaching data protection and privacy were very low.

With the GDPR, the requirements and penalties are much higher. Are event companies aware of this regulation? How will their business practices adapt to it? Are they equipped to comply with the GDPR? Does the GDPR set clear and understandable requirements that can be easily understood and applied by businesses?

The aim of this survey is to better understand to what extent event organisers in Belgium are ready for GDPR. Your help with this short survey would be much appreciated and completing it would not take more than 5 minutes. Your answers to the survey will be anonymous and will only be used for research to complete my End of Studies Paper (TFE) to be presented in October.

Link to the survey here: https://www.surveymonkey.com/r/LGDL5ZZ please submit your responses by September 8th.

Thanks a lot for your feedback!