MICE Seoul

home MICE SEOUL

The Impact of the EU’s GDPR on the Convention Industry

ㅤㅤ

On May 25, as the EU began enforcing the General Data Production Regulation (GDPR), the responsibilities of companies and organizations that handle personal information were strengthened. The companies and organizations that are on the receiving end of the regulation found themselves in need of a response system and have been paying attention to the ripple effects of the GDPR. This is because companies that commit serious data breaches not only will be restricted from doing business within the European market but will also be slapped with a fine of up to €20 million or 4% of their annual sales, whichever is greater.

On May 28, the Korea International Trade Association and the Korea Trade Investment Promotion Agency held a forum titled “Support for Korean Companies’ Countermeasure Preparations for the GDPR,” and the gaming industry held a briefing session on June 18 to discuss countermeasures and to help those within the domestic gaming industry understand the GDPR. However, when it comes to the domestic convention industry, there have been no discussions had or actions taken.

The first matter that needs to be examined is whether the GDPR will have any sort of an impact on the convention industry. The GDPR applies to all data regulators, data processors, and data protection officers (DPO) that handle the personal information of the residents in the EU. This not only applies to those within the EU, but also to organizations based outside of the EU if they collect or process personal data of individuals located within the EU. In other words, the application of the GDPR goes beyond Europe and extends throughout the world.

Therefore, even if a convention is being held in Korea, if a resident of the EU happens to attend the event, the GDPR would apply to any domestic organizations that are handling the personal information of such attendees. Many are predicting that the changes brought about via the GDPR will be one of the biggest changes that the convention industry will be confronted with in the future. It is anticipated that the methods used to collect, process, and protect the data of EU residents that attend events will drastically change due to the GDPR.

Event organizers collect data through a variety of companies and channels such as registration companies, mobile apps, social media, and survey companies, and the data that is collected can include everything from an attendee’s name, occupation, and contact information to any food allergies and possible disabilities. Not only do event organizers have to follow the GDPR, but service providers that collect data must also comply. If a service provider is found to be in breach of the GDPR, the responsibility also falls on the event organizer.

The GDPR also protects web data such as IP addresses and cookie data, and it states that if an end-user does not explicitly give their consent for the handling of data relating to their racial or ethnic origin, religion, or genetic characteristics, this data can not be processed. The existing format of getting an attendee’s consent by simply putting up a sentence that says they agree to everything related to how the event processes their registration information and putting a checkbox underneath it will no longer be accepted. The attendee must be informed about how each piece of their data will be processed, who will be processing the data, and for what reason; then, consent must be received separately for each piece of data. The attendees who provide their data also have the right to check how their data has been processed and request revisions. All of this also applies to hosted buyers.

Since a great deal of the contents under the GDPR are not expressly described in the standards of the domestic privacy laws, it is necessary to refer to the domestic legal system when drawing up a response system. The commerce and contents industries have already employed the help of legal experts and related industries to come up with a response system. As the GDPR has already taken effect, it is critical that the domestic convention industry quickly follows suit and comes up with a response system as well.

GDPR is being enforced under the premise that if a data protection system is established for the acceleration of the free movement of data and the processing of personal data that is necessary for the diffusion of innovative activities such as IoT, big data, and cloud platforms, this will ultimately contribute positively to industrial development. If we prepare a proper response system for the GDPR, we can look at it as an opportunity to more effectively process personal data in a system that protects information related to an individual’s privacy, and to boost the free movement of such data.

pp

ㅤㅤ

ㅤㅤ

ㅤㅤ

ㅤㅤ

ㅤㅤ

ㅤㅤ

ㅤㅤ

The Importance of Using Intellectual Capital in Destination Marketing
Discover beautiful Seoul with discover Seoul pass
TOP