FAQ

Got some questions?
We're here to help...

GDPR May 2018

1) How will GDPR affect your business?

GDPR may affect your business in terms of how both new and existing data will be stored and processed. Organisations working with Personal Data are recommended to appoint a Data Protection Officer and develop strong company-wide awareness of the legislation. Penalties for a data breach include up to 4% of annual global revenue.

2) How will GDPR affect producing online events?

GDPR will not directly affect producing online events; however, it is important to consider that the subsequent use of any registration and viewing data must be made clear to the attendee at the point of registering. For example, a privacy policy, statement of use and cookie policy must be displayed to users as they register, with an opt-in box. Note – this opt-in box can be compulsory, but it must be opt-in, not opt-out.

3) What company privacy details need to be shown?

Privacy details, including 100% privacy guarantee and protection, must be clearly displayed to consumers. Consent forms online and on websites must also be visible.

4) What happens if the data is stored outside EU?

Data stored outside the EU is dealt with in exactly the same manner. All forms of data storage must meet the current GDPR standard.

5) Does GDPR apply to business and personal emails?

GDPR applies to both business and personal emails. Businesses require mandatory permission from individuals before any form of Personal Data storage or processing is permitted.

6) What are the options for my Opt-in process?

Data Owners have the option of applying either an opt-in or a double opt-in process, depending on their interpretation of the GDPR regulations. It is essential that a customer is required to actively opt in to their data being collected and processed, rather than being required to opt out of any pre-populated tick boxes etc. If you choose to adopt a higher standard again, then the option is double opt-in, where at the point of opting in a customer is sent a plain text email asking them to re-confirm their opt-in status, and only when this is completed do you consider them as opted in.

7) Do businesses have to show users have read the terms and conditions?

Yes. Evidence of users reading the terms and conditions is mandatory, including a record of the field used in the data and also the date and time of the action.

8) How must the Data Owner and Processor store the consent information?

Consent information must be kept separate from other terms and conditions. There must be an audit trail of how and when the consent was given to evidence compliance if challenged.

9) How does GDPR apply to old data?

GDPR applies in exactly the same way to existing data. Before a company can become compliant with the new GDPR, existing data must be reviewed and assessed to ensure permission has been validated throughout and meets the GDPR standard.