GDPR One Year Later

At this time last year, the countdown was on for the official launch of the EU’s General Data Protection Regulation (GDPR). Many studies showed companies weren’t ready for the May 25, 2018 implementation date, which led to much speculation about what would happen when the rules finally arrived.

Now, the first anniversary of GDPR is just weeks away. Executives, privacy professionals, government officials and others have begun offering their retrospective looks at the first year, and event organizers have a better understanding of the importance of GDPR and how event technology companies should respond to questions about compliance.

EU-Based GDPR Compliant Companies Are Taking The Lead

Nicolas Rieul, CMO and chief strategy officer of the Paris-based S4M, which uses ad tech to track the connection between digital advertising and offline buying; and Michael Nevins, CMO of Smart, an ad server and RTB platform, also based in Paris, recently suggested that, “because of the emergence of GDPR, Europe is taking the global lead in technology innovation while other regions are distracted by compliance issues.”

They agree that U.S. companies need to learn from the European GDPR experience and make data collection and usage a central part of their business models.

As a UK-based company, Gleanin is fully GDPR compliant and has always placed information security and data protection at the heart of what we do.

Like other EU companies that have had to deal with consumer privacy and data protection for years, Gleanin is in a unique position now as the U.S. embarks on its own privacy regulation journey with measures like the California Consumer Privacy Act.

How Gleanin Addresses Common Questions about GDPR Compliance

No matter where the event is located, data protection and privacy remain top concerns for organizers almost one year after GDPR was implemented. Because technology providers handle much of the data for events, they need to be GDPR compliant.

Here are key questions organizers should ask event technology providers about their data privacy and protection policies and how Gleanin responds:

1. How do you collect data/personally identifiable information?

One key tenant to GDPR is around consent – giving clear and explicit permission to use personal data. Gleanin takes an open and transparent approach to getting consent from event registrants. Users must provide consent via clear affirmative statements or take action that represents consent to share data or personally identifiable information in a referral marketing campaign. Users can easily withdraw consent whenever they wish to.

2. What data/personally identifiable information is stored?

At Gleanin, we store information we receive from the registration company and the social network, such as first name, last name, email address, badge number, job title and company name, Social Connections, Social Profile Photo, Social Profile URL and Social Account Authorization Tokens.

3. How will stored data be used?

We break down how each piece of data will be specifically used, for example:

4. Where is data stored, and what level of encryption do you use?

All of Gleanin’s data, logs and backups containing personally identifiable information are stored in Ireland. Data is encrypted with SSL while in transit, and AES-256 when at rest.

5. What is your data retention policy?

Personal data is automatically redacted from our records no later than 28 days after an event has completed. And of course, at any time, a registrant or client can request to have their information removed earlier.

6. What security framework and practices do you have in place?

Gleanin follows the framework and controls set out in ISO 27001 (Information security management systems) and the controls set out in ISO 27018 (Code of practice for protection of personally identifiable information (PII) in public clouds).

7. How do you meet the requirements of the GDPR?

In the case of Gleanin, we are a data processor. The event organizer remains the data controller. As we store personally identifiable information, we comply with GDPR per our Data Protection policy. All breaches of data protection will be reported to the Information Commissioner without undue delay and within 72 hours of becoming aware of the breach unless the breach is unlikely to result in a risk for the rights and freedoms of individuals.

Now that the impact and importance of GDPR are being felt, it’s more important than ever for event technology firms to demonstrate compliance. 

To learn more about using GDPR-compliant social referral marketing to grow your show, contact Gleanin for a demo.


November 26, 2019

Act on Referral-Marketing Data to Grow Your Event and Your Organization

Accurate and relevant data from referral-marketing platforms can aid decision-making, inform marketing campaigns, and g[...]

November 21, 2019

Gleanin and CustomReg Announce Partnership

LONDON, UK--Referral marketing technology provider Gleanin and Custom Registration, Inc. (CustomReg), developers of event registration solutions, have[...]

October 30, 2019

Lessons in Boosting Attendance from NAB Show Marketers

In case you missed it, Gleanin’s webinar, Case Study: Lessons in Boosting Attendance from NAB Show Marketers, received high marks from attendees. Th[...]