Check out our article on the GDPR to have a better idea on how this reform is shaking up companies.
Time running out and the GDPR will take effect on the 25th of May. For several months now, we have been hard at work preparing for this regulation, by studying and taking into account all variables. Through our journey here is what we found and applied.
The GDPR is a major step, not only because it will impact the protection of personal data but, it in itself requires major changes. Personal data is an information that can identify you (directly and indirectly); your first or last name, your ID number. With the GDPR elements like dietary restrictions, the color of your hair etc…will be categorized as personal data.
In the context of GDPR, the storage of personal data is temporary. This means that this type of data must be relevant to the person who is collecting it for a defined time period.
Event platforms like ours store personal data on databases, for our clients during the event cycle.
The question we asked ourselves was: how can we be completely transparent on what is being done to user data. The user’s consent is one of the main reasons why the reform was introduced. It gives users increased safety when browsing the web and keeps them informed on how their personal data is being used and stored.
This is also why we must explain to users who we are, why we are collecting data, how long and who has access to it. Irrelevant data will be wiped away.
Your data, your decisions
Eventdrive user’s have the right to take charge of their data. You are able to see the data we collect about you and edit it. The user now has the choice on how often the service provider can send them notifications (emails, pushes…). They are also able to completely delete their accounts and the data linked to it.
Our role is to deliver a service completely customised for our clients, this is why we collect data. On top of that we promise to collect data that is necessary and serves a purpose.
What is the GDPR?
How does it impact the events industry?
Getting to the core of confidentiality
Our promise goes above and beyond our user’s data protection. It is closely linked to security. All information that we ask is stored in the most secure way.
These points ensure the highest security measures for your data:
- The development of a secure infrastructure and data storage center in the EU that is completely private.
- Encrypted exchanges between our servers and the users (strictly HTTPS and WSS)
- The certifications required for data encryption and securities are not hosted on the servers running our service.
- Firewall and WAF (Web Application Firewall) allowing us to detect suspicious behavior.
- An operations history of exchanges that is saved in order to trigger alerts and analyze potential threats.
For several years now, our R&D team have adopted the “Security by design” approach. This means security measures are no longer implemented after the development of the product but, from the design stage.
What are the top trends in events?
An adaptative organization
The GDPR aims to hold stakeholders accountable. Companies handling mass personal data must appoint a DPO (Data protection officer). This is a diverse role as the person with this responsibility must ensure legislation is adequately implemented by the company and its possible subcontractors (Eventdrive is completely developed internally). The DPO must inform, advise, control, cooperate and alert authorities.
Additionally, numerous procedures have been put in place to ensure rapid and intelligent actions on issues such as data leaks or inaccessibility of the service. These procedures play an important role internally in stopping and correcting problems and externally allow us to effectively inform clients and users.
Preventive measures, a state-of-the-art security system and an ambitious team are what can guarantee the protection of your data. We believe that significant technical investment is essential to ensure a reliable and sustainable service that our clients deserve. We see the GDPR as an opportunity to create a trusting relationship with our clients and to improve our services.
Eventdrive has successfully passed all the security audits, concerning data security (including from multinationals in pharmaceuticals and financial industry). We are always updating our platform to comply with the latest European standards and anticipating the needs of our customers.