Marty MacKay, DMCP, president, Hosts Global’s Alliance of DMC’s. Marty has spent her entire career mastering the event world. Her professional background began on the client side, where she learned the event business from the ground up while working at a leading fortune 500 company. Since joining Hosts Global in 2013, she has more than doubled the size of the Alliance and introduced best practices and standards across the membership. Marty is the president of ADMEI and leader in the hospitality industry’s focus to drive emergency preparedness.
On May 25th, the EU’s General Data Protection Regulation (GDPR) becomes enforceable and the magnitude of its implications for the meetings industry is indeed huge. So many aspects of our people-focused business include collecting — and sharing — personal data about clients and event attendees. Names, addresses, phone numbers, birthdates, emails, preferences and more are needed for airport manifests, tour registrations, restaurant reservations, recreation safety waivers, etc. We reuse data from prior events to prepare for the next. We keep in touch via email marketing. All of this and more will be impacted by GDPR’s requirements to obtain specific consent from individuals regarding how their data will be collected, managed and stored or deleted. At the core, GDPR is driving new conversations between clients and Destination Management Companies (DMCs) to ensure compliance. Our team at Hosts Global is diligently preparing our DMCs worldwide for these critical conversations and compliance requirements. As we prepare, we want our clients to rest assured that their people’s data will be handled securely, but we need everyone’s cooperation to get there — including our clients, so we wanted to share some insight on the conversations and challenges ahead.
Under GDPR, the client/DMC relationship now encompasses the roles of Data Controller (client) and Data Processor (DMC). As such, we have new responsibilities to each other, requiring new conversations to ensure we stay on top of our respective data chains and provide exemplary experiences for our guests.
These conversations need to occur at the very beginning of building of a program since the most important aspect of GDPR compliance is consent. This means consent from event attendees that that their Personally Identifiable Information (PII) will be shared with event suppliers, including the DMC who will also be passing along elements of guest’s PII to their subcontractors.
Many of our clients also require registration websites for their events. It is important to make sure you are working with a GDPR-compliant registration provider.
It’s a lot to wrap your arms around. Ultimately, continuous, open communication and prudent processes will undoubtedly pave the way to a smoother GDPR transition.
“GDPR is specific to EU citizens and my group isn’t from the EU, so this doesn’t affect me”
How can you tell? At Hosts Global, we understand that we don’t (and can’t) know the citizenship of all our event attendees. So, we’re taking a holistic approach to protecting each individual’s data and will work to universally apply new SOPs to every attendee — not just Europeans — going forward.
“I don’t do meetings outside of the United States, so this doesn’t affect me.”
Unfortunately, that isn’t true. If you handle meetings anywhere across the globe where you have EU citizens attending, you must adhere to the GDPR regulations for protecting their privacy.
We should not expect initial GDPR compliance to be easy or simple. We all store so much data that we never think about. Having to confront legacy data systems, clean them up and manage them in new ways is a monumental undertaking. I know this all too well. Our own Hosts Global website is undergoing revisions to ensure it is GDPR compliant ahead of the deadline. We have work ahead of us. Every time we get one thing done, something else pops up. But we persevere. Temporary hassles spurred by GDPR are far outweighed by the long-term benefits of better data protocols. After all, it’s all about providing our clients and their attendees with the utmost in care, protection and service.
Though GDPR is a product of the digital age, its success — indeed all of our successes — depends on the enduring, timeless value of effective communication and trusted relationships. We look forward to driving these new conversations with you. C&IT