GDPR and Glasgows

Posted by Maisy Birdsall on May 22nd, 2018

There’s been a lot of buzz surrounding the General Data Protection Regulation, commonly known as GDPR, which is a new data privacy law that will be enforced starting May 25th, 2018.

This new law means important changes for many of us in the events sector, so it’s crucial to be prepared. While it may feel a little like red tape, these policies are designed to build trust with clients and delegates; and to provide a better user experience, which is our end goal anyway, right?

Glasgows is committed to providing delegates, clients and customers with tools to make it easier to be GDPR compliant as of May 25th and beyond. Here are some important points to consider.


What Is GDPR and Who Should Care?

Passed by the European Union (EU), GDPR changes data privacy requirements for organisations that control or process personal data for people who live in the EU (and, yes, that includes folks in the UK), regardless of where the organisation itself is located.

To understand what this means for you, here’s a quick rundown on some key GDPR terms:

Data Subjects – Web visitors, contacts, leads, and customers who are EU residents and whose information is stored in one of your databases

Controller – Your company if you have information stored about people who qualify as “data subjects” (as described above)

Processor – Glasgows, or any other platform your company uses to capture and manage information about “data subjects” (as described above)

So…if you have EU delegates, site visitors, or prospective people you market to, you’re probably a “controller” and GDPR likely applies to you.


Glasgows and GDPR Compliance

The great thing about our event management platform (GEM) is that many built-in features help delegates, and clients, manage their data to be GDPR compliant. Being able to prove how delegates, or new customers, came into your database; and how they’re interacting with you is more critical than ever. This means that having a unified event management automation platform has become even more essential.

We’ve been creating new functionality to make it easier for customers to comply with GDPR, and strengthening our own policies to meet these requirements.

Bottom line: Glasgows has been fully compliant with GDPR since last year.

Here are some highlights of what we’ve been doing to be compliant.


Shiny new privacy policy

The first stop on our road to compliance is an updated privacy policy. This new policy clearly outlines what data we collect from delegates, customers, and from third parties, how we process and use that data, and how customer data and third-party data interact. In this policy, we’ll detail what our responsibilities are to our customers and their data in terms privacy laws. We also include specific examples of our data processing practices to break down how our privacy policy works.


If it happens, we log It

Glasgows already maintains an audit trail for many important events that occur in our event management platform, and on our servers, but we’re about to kick it up a notch. With GDPR, we’ll log these events even more granularly to show specifically how customer data is transferred, updated, deleted, accessed; and more importantly, by whom.


Verify, Verify, Verify

As mentioned above, our delegates/customers are the “controllers” of their personal data, and Glasgows is the “processor” of that data. So naturally, we want to ensure our clients maintain full control over their databases.

Because of this, when users call our event hotlines, we’ll ask them to provide additional information for certain requests. This will help verify their identity before Glasgows event support staff access their data, or perform certain actions, on their behalf. Better safe than sorry!


Transparency is key

GDPR requires full transparency about the collection of individuals’ data, which is fantastic for us. The more transparency by us means more trust from our clients, delegates, and customers.


The right to be forgotten

The “right to be forgotten” is one of the more well-known conditions of GDPR. If someone wants their data removed from our system, we’ll accommodate this request within 30 days – and don’t worry, our feelings will only be hurt a little bit!


That step further

It’s no secret that Glasgows likes to go a step further. Not only have we been working hard to give our internal policies a comprehensive review, and update them to reflect our compliance; but we’ve been helping our clients as well. Many smaller companies aren’t aware of how complex navigating something so large as GDPR is. So we’ve been providing practical advice where we can to try and help them get their ducks in a row.


Basically and in a nutshell – we won’t share your data with any third parties, we won’t bombard you with endless sales and marketing emails, but we may send you a little update every now and again to let you know what we have been up to.

To review our updated policy, or if you have any questions or would like to contact us, please refer to our updated Privacy Policy here.


We also promise our next blog will be a lot more exciting than this one but just as informative!


We hope you want to stay friends if you do receive an email from us and if you want to become a new friend of ours, please contact us ! We’d love to hear from you!


Team Glasgows x