This is a brief overview - read more about the Data Protection Toolkit here.
Data Protection - some key definitions
- Consent – The process of requesting a formal consent from an attendee acknowledging your data privacy processes and agreeing to providing you with their personal data
- Withdrawal of Consent – The process where an attendee withdraws their consent for you to use their personal data
- Data Administrator – An EventsAir User authorized to search for Anonymized contact records by encrypted name, email address or phone number and to produce a Data Processing Statement
- Data Processing Consent Policy – These are statements from you, the meeting organizer, to your contacts regarding your data privacy processes and procedures. These statements will be accompanied by a formal Consent or Withdrawal of Consent option for the attendee to select.
- Data Processing Statement – A document, produced on demand, that contains all personal data stored about an individual across all events, along with the Data Processing Log and Data Processing Consent Policies
- Data Protection Officer (DPO) – The Data Protection Officer is a designated person within an organization authorized to oversee and direct data privacy processes and procedures
- Personal Data – Any data provided by a contact for you to use for event registration and management, that is specific to this contact. These include, but are not limited to names, contact details, addresses, photos, and any other data you request that is unique and private to one person.
- Third Party Processors – These are any parties, individuals or organizations that receive personal data during your event management processes. These can include hotel partners, transportation vendors, caterers, your clients, or any other party that may receive personal details in reports, exports, and downloads.
- Anonymization – the process that removes all personal data from a contact record and retains other financial and historical information. This process also encrypts the name, email, and phone number of the contact, and this encrypted data can be searched for only by an authorized Data Administrator.
- Event Archiving – this process anonymizes all personal data contained within a specific event and removes it from day-to-day event management processes. Archived events can still be searched for and reported on.
- Logging – this is the process of recording, for historical and reporting reasons, all actions pertaining to data protection. This includes Consent, Withdrawal of Consent, and the logging of all instances where personal data is exported and accessed by Third Party Processors.
Applying the right processes and tools to your ongoing registration and event management gives excellent protection of personal data and helps you meet the reporting, logging and tracking requirements required from many of today’s data privacy regulations.
The Data Protection Toolkit
Like everything else in EventsAir, the Data Protection Toolkit is designed as a structured workflow for event organizers. This workflow follows the typical path that a planner would use in designing and running an event.
Read the Data Protection Toolkit.
How to contact the EventsAir Data Protection Officer (DPO)
If you require additional information about Data Protection, Privacy, PCI Compliance, or GDPR, please contact our Data Protection Officer via email: infosec@eventsair.com
Technical briefing: organizational measures for Data Protection and Privacy
This technical briefing can be requested by your organization, to give your organization and your Data Protection Officer details about the internal processes used by EventsAir to meet the requirements of the General Data Protection Regulation (GDPR).
The briefing reviews internal staff procedures and policies, EventsAir Cloud App security information, application server information, and information about the Microsoft Azure SQL Server.
To request this briefing, please ask your EventsAir Account Manager to send to you the Confidentiality Agreement and arrange next steps. For other queries relating to privacy and data protection, please email the CSO of EventsAir at infosec@eventsair.com
Print your GDPR Statement of Compliance
The GDPR Statement of Compliance is a PDF statement that describes and confirms that EventsAir meets the technical and organizational measures required as a Data Processor under GDPR.
To view and print the statement of compliance, follow these steps:
- Open EventsAir (but do not log in yet)
- Locate the link in the bottom right corner of the login screen that reads GDPR Compliance and click on it.
The displayed GDPR Statement of Compliance can be printed and provided to your clients requesting the information.