The new EU privacy regulation known as “GDPR” was recently referred to in Greece as one of this year’s “very important issues” for professional conference organizers (PCOs) in terms of bidding for and organizing conferences in the country.
Speaking during the 8th Panhellenic Conference of the Hellenic Association of Professional Congress Organizers (HAPCO), President Irini Toli said that the new regulation is expected to create problems in the communication process of PCOs with their clients and delegates.
Approved by the EU Parliament on April 14, 2016, the EU’s General Data Protection Regulation (GDPR) goes into effect May 25. The GDPR was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach personal data.
Organizations and companies in non-compliance will face heavy fines that in some case may reach 20 million euros.
“The new European directive on personal data is expected to create problems not only in bidding for conferences and promoting our services but also in informing delegates,” Toli informed the audience of PCO’s on Wednesday.
Speaking during a session at the HAPCO conference, Attorney at Law Dr. Grigoris Lazarakos gave a presentation on on how the GDPR regulation is expected to affect the conference and events market.
“This is a regulation that applies to everyone in the same way. It affects all sectors of the economy, hence the conference market,” Lazarakos told GTP Headlines, adding that PCOs must be careful to be in complete alignment with the provisions, both previous ones (that the regulation has incorporated) and the new.
According to Lazarakos, PCOs must respond to the data protection rights of clients, which include requesting consent to access data and complying with deletion requests from lists.
“These are all issues that a conference organizer will need when creating a database. It is essential for the operation of conference tourism,” he said.
By May 25, all companies in Greece that manage personal data must include an electronic data protection system, as is the case in other EU countries. The electronic data protection system costs between 5,000 and 6,000 euros and introduces a series of innovations.
Among other things, companies are required to keep records of the processing of all personal data. The system also introduces the obligation to carry out Data Protection Impact Assessment (DPIA) prior to any processing of personal data. Companies are also advised to designate a Data Protection Officer (DPO).
It is noted that the new EU privacy regulation applies to all organizations and companies, including public services, banks, insurance companies, hospitals and hotels.
Further information on the GDPR can be accessed through the website https://www.eugdpr.org/