Back in the GDPR


Posted on Wed 6th Jun 2018 at 6:19pm

Lee Holloway, Operational Risk Specialist, takes on GDPR and the reality of what companies need to be doing to be compliant

Firstly I have to credit the Beatles-inspired title of this piece to Stewart Twynham, a 25-year cyber security expert who's a veteran of both the 1984 and 1998 Data Protection Acts and recently appeared on STV's Scotland Tonight to discuss the new GDPR legislation and who, along with the event industry's own Hellen Beveridge, has been an ally in recent social media forums seeking to look at GDPR - and sister legislation PECR - holistically and pragmatically. There has been so much narrative focused on just one part or another of GDPR without context to other elements of the legislation that it's easy to see why there's been so much uncertainty.
 
But I'll be clear from the outset, as I have tried to be with everyone I've worked with on this, including the Showlite team who have done a huge amount of work - I'm no more an "expert" than anyone else can claim to be at this moment in time without seeing how in the future the ICO engages with organisations - how it penalises and how it offers support. It's also not possible to be an expert until we see how the civil court system responds and how that will work with insurance and so on. All I can claim is that my interpretation of the legislation itself and the extensive guidance available is completely independent; I have no commercial angle, no product to sell, no approach to marketing that might benefit from an emphasis on any one aspect of the legislation. I do have a chartered/degree level background in a legal/risk management based discipline plus a diploma in para-legal studies and a 1986 most improved player of the year trophy - but despite all that - and the trophy was well-earned, I was utterly useless to start with - I'm just as likely to be proven wrong in court on a GDPR interpretation as the next guy. But...
 
For me - here are some important elements of GDPR that have not all necessarily been given sufficient coverage or attention in my opinion: 
 
Most of it is not new:
 
The majority of GDPR is already law under the existing Data Protection Act.  
 
Documentation is the main "new" bit
Keeping a paper trail of (a) what personal data you process, (b) under what lawful bases you process the data, (c) how you assess "legitimate interest", (d) how you evaluate security risk in a DPIA and how you communicate what you're doing in Privacy Statements or Notices - these are key changes that GDPR brings in - think of it as doing health and safety policies, risk assessments and method statements but for data.
 
Consent is tougher but it's not the only way
Commentators have rightly spotted that if you use "consent" as your lawful basis for processing data for marketing then there is now a more prescriptive method required for this - people have to opt in (i.e. not opt out), and the process for this has to be clear, not hidden in terms and conditions and be as granular as possible, not "grouping" options. But - the legislation clearly states that if it can be supported by a robust assessment then "Legitimate Interest" can be used as a justification for marketing activity in a B2B scenario. This is because of the way the PECR currently differentiates between B2C and B2B. So before you throw away your B2B prospect lists or try to qualify them through consent, you may want to reconsider - you might be able to justify this under Legitimate Interest.
 
And although you cannot take a client's decision to purchase from you as "consent" to send them marketing materials - if they are a B2B client then the legitimate interest basis is again worth considering. 
 
If you don't send marketing materials to clients at all then definitely don't ask them to opt into anything - you can keep their records on file (securely still) under the lawful basis of "Contract". 
 
GDPR v Data Security
Not surprisingly there are many technology providers selling "GDPR compliant" solutions - but it's important to remember (a) GDPR and data security are at least as much about procedure and employee discipline as they are about technology and (b) GDPR and the ICO are not prescriptive about data security so don't be persuaded by anyone saying "data has to be encrypted", or "you can't use spreadsheets anymore" or "Dropbox is not GDPR compliant" - these are similar statements to "you can't use ladders" in health and safety. You can use ladders if they're suitable for the task which in some cases they will be and in others they won't - and if you do use them there are certain precautions you should take and procedures you should follow. Exactly the same as data security. It's risk based.
 
Privacy Statements should be succinct
They need to be fit for purpose - and they need to be easy to understand by the data subject.  For me, a few pages of good, relevant, plain English explanation is more likely to be looked favourably on by the ICO than a 20 page generic document that's impenetrable to anyone without a law degree.  
 
Effort should be ongoing
Showlite as a perfect example has set up a quarterly working group that will continuously review and improve its data (and other operational) arrangements on a permanent basis.  This is exactly what the ICO is looking for.  The regulator has already been quoted as saying it does not expect perfection from any organisation in relation to GDPR, but a genuine acknowledgement of and respect for the new legislation and a credible effort to comply and work towards better compliance.  This long term approach recognises that data security is always a work in progress and that technological options (and threats) will continue to develop over time. 
 
Showlite's clients at least can sleep well at night in the knowledge that the business has scrutinised the GDPR and PECR legislation over many months and will continue to work hard to ensure personal data is given suitable resource and attention alongside health and safety, sustainability and other operational risk. 

[Ends]
