EVENT DATA PRIVACY
OBLIGATIONS - TOOLKIT - DEFINITIONS - PROCESS - BEST PRACTICE
The new GDPR law requires event organizers to keep track of all personal data distributed to third parties (data intermediaries*) and to manage consents between data subjects and those data intermediaries.
*Though PDPA defines data intermediaries as “an organization which processes personal data on behalf of another but does not include an employee of that organization”, GDPR defines it as “a natural or legal person, public authority, agency or anyone who processes personal data on behalf of the controller.”
KEY DEFINITIONS OF PRIVACY PROTECTION
Data Protection Officer (DPO) – The Data Protection Officer is a designated person within an organization authorized to oversee and direct its data privacy processes and procedures.
Data Controller – The officer that controls the distribution, tracking, credentialing, validation for access, privacy statements, reports, websites, merged documents, CRM, and mobile apps that contain data that has been initially marked as “private”.
Withdrawal of Consent – The process where an attendee withdraws their consent for us (and other third parties) to use their personal data
Logging & Tracking – This is the process of recording, for historical and reporting reasons, all actions relating to data protection.
It includes Consent, withdrawal of Consent, and the logging of all instances where personal data is exported and accessed by Third Party Processors.
Data Administrator – A User authorized to search for Anonymized contact records by encrypted name, email address or phone number and to produce a Data Processing Statement
Data Processing Consent Policy – These are statements from us, to the contacts regarding our data privacy processes and procedures. These statements will be accompanied by a formal Consent or Withdrawal of Consent option for the attendee to select.
Data Processing Statement – A document, produced on demand, that contains all personal data stored about an individual across all events, along with the Data Processing Log and Data Processing Consent Policies
Personal Data – Any data provided by a contact for event registration and management that is specific to that contact. These include, but are not limited to, names, contact details, addresses, photos, and any other data you request that is unique and private to one person.
Consent – The process of requesting a formal consent from an attendee acknowledging our data privacy processes and agreeing to provide us with their data
Data Intermediaries – These are any parties, individuals or organizations that receive personal data to execute orders. They can include hotel partners, transportation vendors, caterers, or any other party that may receive personal details in reports, work orders, credentials, exports, and downloads.
As long as they do not re-distribute the data, they can remain as data intermediaries.
Anonymization – the process that removes all personal data from a contact record and retains other financial and historical information.
This process also encrypts the name, email and phone number of the contact and this encrypted data can be searched for by an authorized Data Administrator.
Event Archiving – this process anonymizes all personal data contained within a specific event and removes it from day-to-day event management processes. Archived Events can still be searched for and reported on.
OUR EVENT DATA PROXY SERVICE
As your event Data Proxy, we will be your data collector, controller and processor, and will deploy a Personal Data Concierge to answer all event personal data matters.
With the event privacy concierge, a data-giver can:
1. check the accuracy of their data (Article 5/15 GDPR)
2. have a copy of their Personal Data Statement showing with whom, when and why their personal data has been shared.
3. modify their consent and have the change acted on. (Article 7/13 GDPR)
4. have their queries answered on anonymizing, archiving and deletion of their data. (Art. 17 GDPR)
5. request and be given a machine-readable copy of their data. (Art. 20 GDPR)
6. issue a stop processing order (Art. 18 GDPR)
7. modify app visibility
8. lodge complaints.
Our staff are trained in handling PDPA & GDPR matters. Clients have a choice of Onsite Concierge or Online Concierge.
Please note that our proxy service is for the event data only.
1 – Identify Data Administrators
2 – Establish Default Data Processing Consent Policies
3 – Install the Data Privacy Widgets
4 – Identify Fields Containing Personal Data
5 – Mark Reports and Exports as Private or Public. Accredit report recipients, and assign credentials to access reports.
6 – Link to Display Data Processing Consent Statements in Interactive Sites, Merge Docs and third party suppliers.
7 – Display Attendee mobile App Visibility Option.
8 – Use the Data Protection Widget to monitor Consent statistics and to track which registration sites and apps are collecting Consent
9 – Test the Data Processing Log and Personal Data Statements.
10 – Manage Inquiries about Personal Data Use and generate Data Processing Statements.
OUR DATA PRIVACY TOOL KIT
Our Data Protection Toolkit is a fully integrated set of tools and processes designed to help organizers protect clients’ personal data.
The Data Protection Toolkit, along with the underlying system architecture, exceeds all regulations and rules surrounding the protection of personal data. This includes the General Data Protection Regulation (GDPR) enacted by the European Union.
Applying the processes and tools to your ongoing registration and event management efforts will provide excellent protection of personal data, along with the reporting, logging and tracking that many of today’s data privacy regulations require.