GDPR stands for the General Data Protection Regulation, and its real aim is to give more protection to an individual’s data in the modern world.
This law is mainly going to affect companies based in the US. This regulation states that if you do business with a company based in the EU, now or in the future, this regulation will directly affect you. Even if you don’t do business in the EU, if you do business with a company that does business in the EU, this will likely affect you as well.
The GDPR can be divided into two categories:
- Privacy Protection/Security
- Data Protection/Security
Let’s take a look at consent for a moment. The GDPR states that consent must be explicit, both for the data to be collected and for the purpose for which it is being used. So, when a person registers for an event, the event organizer must explicitly state the data being collected and how it is used. If the attendee does not explicitly consent, they are deemed to have opted out of their data being collected. The attendee can also opt out at a later date.
The GDPR also speaks of data protection by design and default. Article 32 of GDPR states that “the controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.”
This means a higher level of data security will be needed, as the data contains credit card numbers and social security numbers too. Encryption of data might be an obvious answer, but because the encryption key is likely to remain with the data owner, this option is likely to be cancelled out.
Beyond that, it will depend on a variety of factors, including the type of data, as discussed above, and how the data is being used. And, as hackers discover new ways of stealing data, new countermeasures will be required by GDPR as well.
Although you are not doing business in the US, it would bar you from acquiring the data of those attendees who come from the EU to attend the expo.