You’ve probably heard about GDPR by now. But if you haven’t, here’s a quick recap: GDPR went into effect on May 25, 2018 after being approved by the European Union’s (EU) Parliament. Its goal is to better protect citizen privacy and information. For businesses, that means stricter data regulations and restrictions. So it encompasses areas such as storing client information, using security cameras, telemarketing, social media, and email marketing.
In short, GDPR is kind of a big deal.
According to EUGDPR.org, “The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years.”
Yep—the single most important data change in two decades. In a digital world where companies deal on the daily with prospect and client data, you can see how this might disrupt marketing everywhere. And crash some parties.
Basically, if as a business you process data or have any dealings with EU citizens, you must abide by GDPR regulations. Even without a physical presence within the EU, you will still be expected to comply, unless you can guarantee you will not interact with an EU citizen.
Now you might be thinking, especially if your company operates outside the EU, that you’ll take the risk. You might want to think twice about underestimating GDPR. Because, well, it’s “kind of a big deal.” Just ask Google.
The French Government sued Google for failing to properly disclose how they collect a user’s data and use it afterwards. GDPR ended up costing this website giant $57 million. The Google GDPR lawsuit is a warning to all companies. To avoid lawsuits and fines, businesses across the world must adopt GDPR standards. Failing to comply could result in fines of $22 million, or 4% of your annual income.
Businesses need to understand all of these new rights, especially the rights surrounding data subject access requests (DSARs). Data subject access request rights allow the public to learn what your organization knows about them and how you use that information. Even though “access” is in the term, Data subject access requests allow consumers to delete their personal data, modify it, dictate with whom you share it, and more.
Along with GDPR, it is important to note if your business is also impacted by CCPA. As of January 1st, 2020, the California Consumer Privacy Act (CCPA) went into effect. With the newest privacy act, California has expanded individual privacy rights within the US. Certain companies who engage with California residents must comply or face penalties. Review CCPA and how it will affect you at trade shows and events.
Quick GDPR Guide
Well, if you’re still reading this, you probably realized your company needs to comply with GDPR. For most businesses, the number one important way to comply to GDPR is to gain consent to use personal data. This means disclosing the following information:
- Who you are
- Why you are processing the personal data
- What the legal basis is
- Who will receive the personal data (if applicable)
Along with disclosing this information, you also need to obtain consent. According to the EU Commission, the consent should be “given by an affirmative act, such as checking a box online or signing a form.”
With such a drastic change in personal data processing, many CRMs have adapted to make GDPR easier for companies. Social media and marketing automation platforms in particular have made changes to help you become GDPR compliant. For example, the email marketing platform Mailchimp has GDPR-friendly forms available that you can customize to meet your company’s legal needs and standards.
Apart from digital contact, businesses that attend trade shows have an entirely new problem. How can you be GDPR compliant at trade shows when you interact with hundreds of prospects face-to-face?
GDPR and Trade Shows
Trade shows are hectic. Your sales team will encounter tons of people and exchange conversation and conversation. Meanwhile, you’re busy with the logistics of setting up the booths, designing displays, handling travel arrangements, tracking expenses, juggling events, solving last minute problems, etc. With so much going on at these events, focusing on GDPR is probably the last thing on your to-do list. We definitely get it.
But procrastination could majorly cost you. According to the EU Commission, more than 144,376 GDPR queries and complaints were recorded in its first year of existence, and the number keeps growing. As citizen awareness continues to increase, so will complaints and lawsuits.
So how exactly does GDPR tie into exhibiting at trade shows?
As a solution, many companies are using written forms at trade shows to gain permission to contact and process a lead’s information. But this process is just another paper to keep track of, manually record, file, etc. It also means the sales team must remember every time they obtain someone’s contact information to also have that person sign a form. Inconvenient, but not a huge deal if you only get one attendee at a time. Of course, we all know trade shows don’t work like that (if only). So when the inevitable rush comes and a rep forgets to obtain permission, you’re opening yourself up to possible lawsuits.
What’s the best approach then? How do you minimize risk?
You need to simplify the process. With a mobile lead capture solution designed to abide by GDPR, like iCapture, you can do away with tedious forms for GDPR authorization and eliminate the guesswork.
Making GDPR Easy with iCapture
We created iCapture to make your trade show life easier—GDPR is no different. Here at iCapture, we have designed everything with GDPR is mind so your company no longer needs to worry about it during events. After events, if any individuals contact you with a GDPR query, we make the solution simple. Below are some of the GDPR capabilities through iCapture:
Digital Opt-In
For the majority of companies, the most important feature is digital opt-in. This is the official authorization from the individual permitting you to contact him/her. iCapture makes it easy to include an opt-in question, terms and conditions agreement, and signature capture. You can customize all the content to satisfy your specific needs. After capturing an attendee’s contact information, the GDPR opt-in question appears on the main screen. This is a non-intrusive, quick way to gather authorization from each person during the capture.
Right to be Forgotten
GDPR Article 17, or the “Right to erasure” and “Right to be forgotten,” is a more commonly cited article that may require your company to remove personally identifiable information (PII) of a data subject upon request without undue delay. To comply with any such requests, you can ask the iCapture team to permanently delete relevant personal data. Upon removal, we will provide transaction ID(s) to serve as references to the deleted personal data.
Right of Access, Right to Rectification, Right to Restrict Processing, and Right to Object
- Right of access: If any individual were to request what personal data we are processing, where, and why, we would be able to retrieve that information for you.
- Right to rectification: In a case where a data subject asks to correct, revise, or remove any of the personal data stored, we may do so at anytime.
- Right to restrict processing: If anyone contacts you with the complaint that his/her personal data is inaccurate or collected unlawfully, we can reduce the usage of that personal data per the individual’s request.
- Right to object: Lastly, if a data subject decides he/she no longer wants to include his/her personal data in our analytics for us to provide targeted marketing content, we can remove this personal data at any time upon request.
GDPR and Your Business
GDPR compliance is of utmost importance when collecting leads at trade shows. Businesses must prioritize data privacy and protection to maintain trust with their leads and avoid costly penalties. By understanding the scope of GDPR, obtaining lawful basis for processing, practicing transparent data collection, ensuring secure storage and personal data protection, respecting data subject rights, implementing data retention policies, and carefully managing third-party data sharing, companies can successfully navigate the regulatory landscape while maximizing their lead generation efforts.
By prioritizing GDPR compliance, businesses not only protect the privacy of their leads but also build a reputation for ethical personal data handling. This commitment to data privacy enhances trust, fosters customer loyalty, and contributes to long-term business success. Remember, GDPR compliance is an ongoing process, requiring continuous monitoring and adjustment as regulations evolve. Stay informed, adapt your practices accordingly, and maintain a privacy-focused mindset in all aspects of lead generation at trade shows.
For additional information on GDPR, visit the EU’s official GDPR page here. To learn more about iCapture’s GDPR capabilities, go here.