How To Achieve Data and Legal Compliance in the Events Industry

In the hybrid era, more information is changing hands than ever before. That’s why data security and legal compliance must be top of mind for today’s events industry organizers.

Since virtual and hybrid events became the norm, data has played an increasingly important role in the events industry. We now know more than ever about how to personalize events for the people attending and have curated better experiences because of that. 

But along with all of the benefits of more information comes a need to evaluate data security and legal compliance in order to keep your consumers and partners safe. They should be protected, and you should too. 

Why Data Security Is Important for the Events Industry 

Data is currency in the digital age. People understand that you know more about them than ever, and they want to know that you’re keeping their information safe. Data security is all about trust, especially with the rise of virtual and hybrid events, where people are logging in with a more traceable presence than ever.

There are two main forms of data that you have access to as an event organizer: 

1. Identity or personal data: This includes demographic data or contact information.
2. Behavioral or usage data: This is event-specific data, such as the sessions someone attends or the length of time they spend watching a broadcast.

In the events industry, all of this information is gold. Data can help inform your communications strategy, narrow down session topics, and give the sales team a leg-up by determining where an attendee is in the pipeline. But with great power comes great responsibility. 

“How we handle that data as an industry will determine fundamentally the long-term viability of any data-driven growth we may come to rely upon,” says Hugh Jones, CEO of Reed Exhibitions, in a 2021 panel discussion about data. 

We’re in a new era of data, and we’re still trying to balance the benefits and the risks. But that’s where the law comes into play. 

An integral part of good data security in event management is ensuring you’re compliant with current regulations. Achieving legal compliance in the events industry is non-negotiable. Countries around the world are working to tighten up their data security laws to prove just how seriously they’re taking it. 

Understanding GDPR Compliance

The General Data Protection Regulation (GDPR) is a central federal policy that came into effect on May 25, 2018. GDPR dictates how businesses, governments, and other organizations can process, store, and use the personal data of EU citizens and residents. 

Essentially, GDPR gives citizens the right to request the following:

• Deletion: Consumers can ask a business to delete or anonymize their personally identifiable information.
• Opt-out: Consumers can ask a business not to sell their info to a third party.
• Access: Consumers can ask a business to provide them with all the info that’s been collected on them.

As a result, here are the questions that event organizers have to ask themselves:

• What information can be viewed?
• What information can be altered?
• What information can be deleted?
• What are compliant ways to maintain and archive information?

GDPR also requires express, “unambiguous” consent for organizations to collect and use data. For events, this means that every data processor or tech vendor has a dedicated Data Protection Officer (DPO) to encrypt data and employ tools like single sign-on. 

Failure to achieve GDPR compliance can result in penalties up to €20 million — roughly $20,372,000 — or 4% of worldwide turnover for the preceding financial year, whichever is higher.

Understanding U.S. Laws Data Privacy Laws  

The United States doesn’t have a single overarching data privacy law like the EU. In fact, only three states have privacy laws in effect: Nevada, Maine, and California. The gold standard, and the best comparison to the GDPR, is the California Consumer Privacy Act (CCPA). 

What Is the CCPA? 

• Californian citizens have the right to access, delete, and opt-out of data processing
• Businesses cannot sell consumer data without providing an explicit opt-out opportunity to the consumer
• The definition of personal information is broad and includes biometrics, geolocation, employee information, and more
• Companies are required to “implement and maintain reasonable security procedures,” however there is no detail about what those procedures should look like 

CCPA versus GDPR 

• CCPA only requires a privacy notice on the site where consumers input data, as opposed to the explicit consent required in the EU
• CCPA doesn’t give consumers the right to correct or rectify their information

Although CCPA is the most comprehensive of the U.S. data privacy laws, other states have drafted their own versions of California’s privacy laws, with various rights afforded to each:  

• New York Privacy Act
• Massachusetts Data Privacy Law
• Hawaii Consumer Privacy Protection Act
• Maryland Online Consumer Protection Act
• North Dakota’s HB 1485

If your area doesn’t have specific laws drafted, it doesn’t mean regulations aren’t coming. Data security is a major issue, so establishing processes and protocols for your information gathering and archiving now could save you time and money later. 

Best Practices for Ensuring Data Security, Privacy, and Compliance

It’s clear that keeping information safe is integral for your business, your customers, and your reputation — but there’s no need to fear. We live in an information-obsessed world and protecting consumer data is easier than you might think. 

Enable Single Sign-on and Two-Factor Authentication 

Because remote work, virtual events, and hybrid events have people signing on from around the world, creating a safe gateway for that information is a great first step to protecting data. IT and security executives agree: A 2021 survey on cybersecurity infrastructure modifications found that 82% of respondents recently enabled multi-factor authentication, and 80% enabled single sign-on to combat security threats. 

Encrypt Your Information

Encryption is another lock on the door, and an easy way to give you peace of mind. Most operating systems already have encryption options built in, so be sure to take advantage of those. But even if you work exclusively in the cloud, there are ways to encrypt your documents to make sure private information never falls into the wrong hands. 

Educate Your Staff

Research from Stanford University showed that 88% of data breaches are caused by employee errors. The more educated your team is about the dangers of ransomware and the prevalence of phishing, the better they’ll be able to keep your company safe and compliant. 

Choose an Event Management Platform That Prioritizes Data Security

Feeling overwhelmed by the options and wondering how you can get all of your ducks in a row before launching an event? It starts with choosing a partner who takes care of the nitty-gritty for you. The right partner will also ensure you’ll meet legal compliance in the events industry through the following:

• Third-party evaluators: Regulations are always changing, so an event platform that uses third parties to assess procedures means you have a safety net below your safety net. 
• Support: Cyber threats don’t stop when the average workday does, so an event platform with a dedicated support team is a must for monitoring and rapid response.
• Certifications: Because these laws apply to everyone in the event world, your platform should be well-versed in the applicable regulations and should be compliant with international security standards. 

Information is always flowing before, during, and after hybrid and virtual events, and how you manage that information is key. If data security and events industry legal compliance isn’t an integral part of your event strategy, it’s time for a change.

As you plan your next virtual or hybrid event, keep in mind the following:  

• Recognize the ways you collect and store information when organizing your events
• Stay up to date on changing regulations (e.g., GDPR and CCPA)
• Keep an eye out for new laws or policies in your region
• Find technical partners you can trust to ensure event management data security. 

Get Started With Bizzabo: Your Data-Compliant Event Management Software Partner

At Bizzabo, we’re committed to providing a secure environment for your attendees, and a compliant experience for you. That’s why we’ve completed SOC 2 Type 1 certification with leading professional services firm PwC. This certification analyzes Bizzabo’s security processes to ensure we meet industry standards for our operating systems and customer and attendee data, so you can plan your event knowing you’re fully compliant. 

Ensuring your data and legal compliance in the events industry and demonstrating to attendees that you value their privacy are table stakes now. Once you’ve created that secure foundation, you can get back to creating the kind of experience people will remember you for. 

Note: This article is intended to be educational. It is neither legal advice nor is it meant to convey legal facts or opinions. Be sure to consult a licensed attorney or regulatory expert to discuss your specific legal, data, and compliance-related issues.