If you’re an event manager, you know that ensuring the privacy of your attendees is a top priority. After all, you don’t want their personal information falling into the wrong hands. So here are a few tips on enforcing data privacy at your next event.
GDPR is a new data protection law that impacts companies that collect, use, and maintain the personal details of EU citizens. In light of GDPR’s implementation on May 25, 2018, event managers should know how this affects their organization and attendees at their events.
Suppose your company handles sensitive attendee information such as name, address, or email. In that case, you’ll want to evaluate whether or not your current processes are in line with GDPR guidelines for data privacy. If they’re not – get ready to make some changes!
Here are ten steps you can take right now toward ensuring an efficient implementation of GDPR across your organization:
What about facial recognition technology? GDPR does not prohibit the use of facial recognition; however, it is likely to come under stricter regulation in Europe than it has been so far. According to GDPR, an organization must inform individuals of the existence and use of such technologies and obtain explicit permission from them before they’re used (Article 4(11)).
This means that unlike CCTV cameras which can be installed throughout a city with no disclosure or direct consent given by citizens – companies will now need to explicitly inform customers their faces will be scanned and recorded if they wish to do business on those premises. With such strict regulations surrounding how face-scanning technology is deployed within the EU Member States starting May 25 – many companies may decide to avoid this technology altogether.
GDPR is not the end of facial recognition for businesses in Europe and elsewhere – but rather, it’s just the beginning of how to deploy this technology within the EU ethically. As legislation continues to improve over time – we will likely see facial recognition software become more widely used in everyday life (business, tourism, etc.). But only when consumers are made aware and given choice to make an ethical decision about whether they wish to be identified or not – will this technology truly take off in a responsible way that benefits all parties involved.
For your organization to support GDPR guidelines, you will need internal software that can help monitor and control user access to all sensitive personal data. There are several options on the market for this type of management software. Still, it is essential that you choose one developed with strict GDPR compliance in mind – otherwise, you may find yourself unable to meet these new regulations.
Some good options include:
The California Consumer Privacy Act (CCPA) was approved in June 2018 and is scheduled to effect in 2020. The CCPA will apply only to collecting personal data, including video surveillance captured in public spaces such as stores and shopping malls where at least 50 people can be identified by name, image, or another unique identifier.
It does not include security cameras in private residences or other locations not open to the public. In addition, under this new law, companies that collect personal data will need to disclose their privacy practices, including whether they share information with third parties and provide a link for a consumer to opt out of having their information sold.
This law, which went into effect in 2020, states that personal data means “any representation of information that identifies an individual,” including video surveillance. In addition, the law will require companies to tell individuals what data is being collected and why, take reasonable security protections, and make sure the information isn’t sold or used for unauthorized marketing or otherwise exploited.
There are exemptions for small-scale closed-circuit television (CCTV) systems operated by private entities such as businesses that monitor their premises, such as factory floors and shipping docks.
The New York State Senate passed a bill in May 2019 that would require companies to disclose what kind of data is being collected, provide an opt-out right for individuals whose personal data is collected or used, and set security protections for the information. This law also exempts small-scale surveillance systems run by private entities.
The Hawaii law, which went into effect in early 2020, requires companies to tell individuals what data is being collected and why; disclose any third parties with whom the information will be shared or sold or who will market products based on this information; and provide an opt-out right.
Maryland’s law, passed in 2018, requires notification when personal data is collected from online users and also when it is sold or shared with a third party. However, the law does not apply to small-scale cameras in private homes.