April 24, 2019
The General Data Protection Act (GDPR) is a European regulation designed to protect the privacy of EU citizens and to give them control over their personal data. The GDPR not only applies to companies within the EU, it also extends to foreign companies that collect or process the personal information of European citizens. Penalties for non-compliance can surpass 20 million euros.
In the festival and event industry, we collect a significant amount of personal information from employees, contractors, artists, crew and attendees. Additionally, we use a variety of different technologies to collect, store and process this information: Ticketing software, mobile attendees apps, RFID/Cashless systems, marketing software and back of house management software. This information and the systems we use to manage it are crucial to delivering a world class festival or event. If a festival or event, no matter its location, collects, processes and stores the information of European citizens, it is legally required to comply with the GDPR. Not addressing this regulation appropriately leaves festivals and events open to risk of massive fines and potential lawsuits.
The GDPR is a complex piece of privacy legislation that requires information security and privacy law expertise to properly implement and manage.
Here are a few high level requirements that are needed as part of GDPR implementation plan:
The GDPR is the most aggressive piece of privacy legislation ever passed into law. It sets an unprecedented standard of protection and control of personal information. As festival and event organizations have expanded their use of data and data management systems, the passing of this legislation puts new responsibility, costs and risks on the shoulders of the festival and event industry. The result of failing to take this act seriously could have catastrophic impact on your business.
If you would like to learn more about implementing GDPR into your festival or event organization, click here to download our eBook.