share
by Kevin Iwamoto | February 15, 2018

Kevin IwamotoMy evangelization of the EU’s General Data Protection Requirement (GDPR) [eugdpr.org] started in late 2016 after hearing about it first from Debbie Chong, CEO, and Patti Tackeff, president, of Lenos. I quickly realized that it will require a ton of work to get ready for compliance with this new data-privacy regulation for all multinational companies, especially in the meetings/events industry, where the handling of personal data is a requisite. Indeed, the measure involves a multitude of issues such as opt-in consent-form documentation; implicit and transparent descriptions of how people’s data will be used, by whom, for what reasons, etc., within those consent forms; having to respond to data breaches within 72 hours; documenting the deletion of data, and the list goes on and on.

Add to the above the processes, intermediaries, mobile app companies, tech companies, hotels, DMCs, etc., that handle meeting/event data, and it rapidly becomes overwhelming.

What has been most disappointing and shocking to me, however, is the level of denial that people have expressed to me. It’s the classic five stages: denial, anger, bargaining, depression and acceptance that industry professionals are dealing with now. I understand that everyone has their own acceptance process and timelines, but I would be remiss if I didn’t point out to everyone that May 25, 2018, is the date that the EU has established for compliance and standardization of data privacy — GDPR. In other words, you need to get through the five stages quickly at this point, because you have a lot to deal with both internally, within your company, and externally, with your supplier partners.

I’ve also heard denial-tinged commentary like, “What are the chances that the EU will enforce the stiff GDPR penalties on corporations?” All I can state here are the facts, and you can come to your own conclusion. Note that during the past 18 months, the EU has not been shy nor hesitant to file lawsuits and fines for a number of infractions involving overseas business requirements:

Aug. 20, 2016 – Apple, $16.1B
May 18, 2017 – Facebook, $140M
June 27, 2017 – Google, $3.08B
Oct. 4, 2017 – Amazon, $310M
Jan. 24, 2018 – Qualcomm, $1.28B

If you’re still in denial thinking that the EU won’t make the effort to file the maximum fines of either $20M Euro or 4 percent of gross annual turnover, whichever is higher, for GDPR violations, I would seriously rethink that gamble.

Kevin Iwamoto is senior consultant at GoldSpring Consulting. You can follow him on Twitter @KevinIwamoto