International visitors and exhibitors are an important segment of trade show participation.  Some organizers even offer special visitor programs and exhibitor pavilions to their overseas participants.  The rules that govern how we handle the personal information associated with these participants have changed.

You may already be aware of the General Data Protection Regulation (GDPR) since it has made the news with some regularity recently.  But what it is and what it entails may still be a mystery.  This article will help to clarify the GDPR.

What is GDPR?

The GDPR is Europe’s primary law regulating how companies protect European Union (EU) citizens’ personal data.  It was agreed upon by the European Parliament and Council in April 2016 and, on May 25, 2018, will replace its predecessor, the Data Protection Directive.

What constitutes personal data?

According to the GDPR website (http://www.eugdpr.org/), ‘personal data’ is any information related to a natural person (a ‘data subject’) that can be used to directly or indirectly identify the person. It can be anything: a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.

What does GDPR do?

In short, the GDPR imposes a uniform data security law on all EU members so that each member state no longer needs to write its own data protection laws, and so that laws are consistent across the entire EU.  Furthermore, any company that provides goods or services to EU residents, regardless of its location, is subject to the regulation.  Consequently, GDPR will have an impact on data protection requirements globally.

Some of the key privacy and data protection requirements of the GDPR include:

  • Consent of subjects for data processing
  • Anonymizing collected data to protect privacy
  • Providing data breach notifications
  • Safely handling the transfer of data across borders
  • Requiring certain companies to appoint a data protection officer (DPO) to oversee GDPR compliance

What should we do?

The most important thing we can do is to familiarize ourselves with the GDPR rules and requirements (http://www.eugdpr.org/).  By beginning to implement data protection policies and solutions now, we will be in a much better position to avoid penalties and achieve GDPR compliance when it takes effect.