GDPR: How are we being compliant?
We have always taken great care of our clients' data, and the data of their delegates and guests.
Therefore, we are keen to ensure we follow all government guidelines and regulations regarding the storing and sharing of data. The General Data Protection Regulation (GDPR) comes into effect on 25th May 2018, and we've been working hard to make the necessary changes to ensure our compliance with these new data laws.
In preparation for the enforcement of new policies, we have appointed an in-house DPO (Data Protection Officer), who is responsible for making sure that as a company, we stay up-to-date with and quickly enforce any new data privacy laws.
What is personal data?
Personal data is any information that can identify a living person. For example, this may include email addresses, full names, passport details, or photographs. GDPR is in place to ensure that individuals have more control over the way that their data is used for protection purposes. We have been making changes to ensure that we are doing everything we can to protect your data:
- All of the laptops we work from have been encrypted, and documents password-protected to ensure that your information is secure.
- To ensure that everyone we work with is equally compliant, we are going through all of our suppliers to make sure we have the right agreements in place to protect your data.
- We've invested in encrypted tablets to be used on-site for a new sustainable and safe way to access essential documents without printing and therefore risking a data breach.
- We've carried out a full internal audit of all data held in order to get rid of any information that is unnecessary or irrelevant.
- All staff members have undertaken First Event GDPR training, giving them a brief outline of GDPR law and how it has changed, what it means for us as a business, and what it means for data subjects/clients. It also contained vital information about how to identify personal data and data breaches.
Why does this matter?
The GDPR focuses on the protection of EU citizens' individual data privacy, and the way organisations approach and use personal data. In a nutshell, the new laws give individuals much more control over their own data and who can use it. Our compliance with these new data laws will ensure that no matter what, your personal data will be protected, secure, and used only for the purpose of your event and its duration.
All personal data kept adheres to any other laws and is completely transparent - meaning you'll know how and why we use it, and it will never be used for anything other than its true and lawful purpose. We'll ensure that your data is kept accurate and up-to-date, that it is held for no longer than necessary, and that the only information kept is relevant to its purpose.
What are your rights?
As a data subject affected by these new data laws, you possess the 'right to be forgotten' (officially known as the 'right to erasure'), which means that you can request that an organisation completely erase your data. Exceptional circumstances may prevent this and require further investigation; however, the new data laws have been designed to give individuals more control over their own data.
You also possess:
- The right of access, which allows you to request access to the data that we hold on you, leading to the right to rectification, meaning you can make any necessary corrections.
- The right to restrict processing, which means that you are able to restrict or completely object to any processing of your personal data.
We spoke to our DPO, Chantelle, who explained the importance of the new laws and changes that will come into place on 25th May 2018.
Why is GDPR so important?
GDPR gives people control over their own data, and that data cannot be shared without consent, or misused without consequences. The way that technology has changed since the Data Protection Act in the nineties is huge, so an update in laws is something that was essential to ensure correct procedures are in place to deal with personal data.
What does this mean for clients and customers?
Due to the new GDPR law, clients can be sure that we take data processing seriously, and they can have some control over their own data, along with their customers' data. They can be certain that we won't be using the data they give us for anything other than its given purpose, and will never use their data without permission.
How have we updated the way we work?
You can also get up-to-date guidance on GDPR regulations from the Information Commissioner's Office.