Data Protection & PrivacyeventPower is committed to protecting the data and privacy of our clients. We are continually improving our internal processes, customer communications, and policies to comply with the ever-changing privacy landscape. As of May, 2018, we are fully General Data Protection Regulation (GDPR) compliant and are actively pursuing EU-U.S. Privacy Shield certification. Additionally eventPower working towards ISO 27001 compliance to demonstrate our commitment to information security. Read more to see how eventPower can help you meet these legal challenges for your upcoming events.
What is GDPR?The General Data Protection Regulation is a new law that went into effect May 2018 and affects anyone who processes personal information about European Union (EU) persons. As most events have at least some international participation, it is important that you are working with a company who understands the regulations and can help you ensure data protection.
How can eventPower help you with GDPR compliance?As an event planner or show manager, it is your responsibility to correctly manage personal data about your attendees, speakers, exhibitors, and event participants. This includes ensuring legal basis for collecting their personal information, obtaining consent, managing data subject requests, and being able to provide auditable data regarding these details. eventPower, as your data processor, will:
- Provide you a Data Processing Agreement (DPA) as part of our standard contract
- Obtain consent from your attendees, speakers, etc.
- Provides reporting and an audit trail for provided consent
- Can help manage data subject requests
- Assists with the management of many of these requirements
What is Privacy Shield?The EU-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States.
Do I really need to worry about any of this?While GDPR only affects persons from the European Economic Area (EEA), good privacy and data protection practices is something we all expect from our providers. With eventPower being GDPR compliant and focused on privacy-first software, we can help you be compliant with privacy regulations and properly protect your event’s data.
Will eventPower ensure that I am GDPR compliant?While we can help with your GDPR compliance and assist with properly processing personal data of your event participants, we cannot ensure your compliance. As the event manager, you are the controller and ultimately responsible for managing your data subjects. While we are really good at what we do (software and services for your events), you’ll have to get your legal advice elsewhere.
What is a DPA?As a client of eventPower, we may ask you to sign a Data Protection Agreement (DPA). eventPower typically acts as a processor helping you manage your event data. The DPA details how eventPower will process your event data, how we protect it, and how we can return it once our contract has ended. The DPA is important for GDPR and Privacy Shield compliance, and provides you assurance that eventPower is handling your event data as you would handle it yourself.
Where can I find more information?EU General Data Protection Regulation
EU-U.S. Privacy Shield Framework