The countdown
to May 25, 2018, is set for compliance with the European Union’s General Data
Protection Regulation. Strategic meetings management program leaders can
leverage the opportunity to get visibility and oversight of rogue meetings and
events spend. One of the most common challenges among SMMP global category
leaders is their inability to see local country spend and local country
preferred supplier agreements. GDPR offers an opportunity for SMMP category
leaders to access all this information through a GDPR-readiness audit. Violating
GDPR will result in fines of 4 percent of annual global revenue or 20 million
euros, whichever is greater, so it shouldn’t be difficult for SMMP category
leaders and procurement to get approval to conduct such audits and then bring
the rogue spending and supplier agreements into the SMMP. Here’s what I
see in the market, and many companies will scramble to make the May deadline:
The PII
Governance Gap Audit: If you think about all the personal data flowing
through business travel, meetings and events, the data-governance-gap audit is
critical. SMMP leaders will figure out what personal data they have about
attendees, speakers and sponsors; where it came from; and whether they have
adequate consent to use it. Under GDPR, existing preselected boxes and opt-ins
are not enough.
Data Storage:
SMMP leaders are scouring the systems where data is stored and analyzing when
it was last used and what was it used for. Data accuracy is key here, as are
the processes in place to keep the data safe and, important for meetings,
whether that data has been shared with other suppliers and partners. SMMP
leaders will be busy ensuring they have adequate consent from participants and
that sponsors and suppliers are compliant with GDPR regulations.
Existing data
may take a hit. Corporates will have to communicate incorrect information back
to individuals. They will also be obligated to destroy the data if they never
had the proper consent in the first place. This happens often when merging
registration and attendee lists from other meetings and events. Indeed, this
practice will require much more oversight, and that necessitates a clear
understanding of what personal data is held, where it came from, where it is
stored and who it was shared with.
Documentation:
Organizations will have to be ready to show they complied with data protection
principles by having effective policies and procedures in place. And just as
financial audits are standard for travel programs, the meetings industry should
get ready for personal data audits to become the norm.
It’s hard
work, but it’s not bad news. The GDPR requirements will allow SMMP leaders to
get local country spend transparency and consolidate it under the main
corporate SMMP governance umbrella for greater control in 2018.