The general data protection regulation (GDPR) was the most critical change in privacy laws in 20 year and caused a lot of grey hairs in our industry. Now, half a year after enforcement, what have we learnt and how can we make things better?
The good news is that event managers are much more conscious of the importance of data security. The not-so good news is that we see most of you struggling to adapt to the new requirements.
Many have over-compensated. You really don’t need a 20 page Data Protection Agreement or a privacy form that contains 100 questions. This only serves to reduce preparation time for event managers, create a headache for attendees and even put some events at risk… all of which miss the desired outcome.
Of course, there are some grey areas that need to be clarified, but in these cases, common sense must prevail. Too many event planners are reducing the services offered to customers (for example, lead retrieval), because they are afraid of the consequences of a possible lack of compliance, when in fact it is perfectly legal.
To help us help you:
- Minimise attendees being able to see other attendee details by having a host do the name check. Keep self check-in only for attendees who have their confirmation mail with the barcode on it.
- Prevent the name of the previous checked-in person being on screen by activating a privacy screensaver on the kiosk after each print.
- Ensure attendees’ full consent to facial recognition cameras by setting them up in a dedicated, clearly marked zone only for those who have opted into the process.
We strongly believe that GDPR is an opportunity to improve existing daily operations. That's what we’ve done at fielddrive. We reviewed our key processes and strengthened our already super-protected data. When you hold an event with us, you’ve got things James Bond would approve of, such as:
- Fully encrypted data storage on our kiosks (with little change to printing time).
- Locked USB ports on our devices, so data cannot be transferred to a flashdrive/memory stick.
- Locked kiosks overnight when necessary, to prevent physical access.
- Wiping of all data from kiosks before shipping, to prevent breaches.
- A system that accepts client-protected Excel lists/other databases.
- A system that allows clients to upload their own data to our platform or use an API integration between fielddrive and their preferred platform.
- Encryption of all data transfers between kiosks and the fielddrive webserver.
- Storage of biometrics data on a separate server that contains no individual delegate data.
- Authentication and activity logging for every kiosk operator.
- Badges that self-destruct within 10 seconds of leaving an event (only joking).
If you have more questions about our Data Protection Policy contact firstname.lastname@example.org
Visit fielddrive's blog here.