
10 Meetings and Events Data Protection Tips


Recent high-profile data breach cases that impacted some of the biggest players in the hospitality world have brought the issue of data security home to the meetings and events industry.

Even if you are extremely diligent in protecting your organization’s data—and thus those of your attendees, sponsors, vendors and others—you’re only as safe as the weakest link in your data chain. Do you know how secure your third-party partners are?

The following 10 data protection tips cannot make you 100% secure, but they will at least get you and your organization thinking about the security of your data and that of your partners and clients in a very insecure time.


1.    Master Your Data Universe

Make sure you know what data you hold, where it is and with whom you are sharing it. Create a data flow map, and review and update it on a regular basis. This applies to both B2B and B2C organizations.

2.    Risk Assessment Adventure

Make sure you understand where risks could arise, and what level of risk you are prepared to run. Document your decisions around your level of risk appetite.

3.    Policies and Procedures Blueprint

Ensure you have all the legally required policies and processes in place and that they are reviewed and updated regularly.

4.    Busting Overconfidence Myths

Do not assume that your organization is not likely to attract attention from the regulator or from threat actors who want to “attack” you, or customers who want to know what you are doing with their personal data. All organizations should operate with appropriate data protection and cyber security protocols.

5.    Third-Party Supply Chain Shield

Check with all organizations or individuals with whom you interact, share and collect data to ensure that they have the right security protocols in place. This can be done via a “security questionnaire” that you require them to complete.

6.    Data Sharing Strategy

Make sure you have a suitable data sharing agreement in place if you are sharing your data with any other organization, such as a sponsor and/or a supplier.


7.    Cross-Border Compliance Navigator

If you are operating in more than one state and/or more than one country, or have clients, sponsors or suppliers in more than one country or state, make sure you are operating within the appropriate data protection laws.

8.    EU/UK representation

If you are operating in the EU and UK, do not have a legal entity there, and have members, customers or clients there, you may need a representative in those regions who acts on your behalf in data privacy matters when dealing with regulators and/or customers who are resident there.

9.    WISP Compliance Check

The Written Information Security Program is a legally required document in many states. Make sure you have this document, which is a publicly available statement demonstrating that you have the correct data protection policies and procedures in place.

10.    Comprehensive Data Protection Training

Ensure that all staff (including the board and senior management) are regularly trained and understand the obligations under data protection law that apply to their daily work.


About the author
Penny Heyes

Penny Heyes is a co-founder and chief commercial officer of The Trust Bridge, a data protection and cybersecurity company. A highly experienced international sales, marketing and business development professional, she has worked in multiple product and service sectors globally. More recently, she has been advising clients in their innovation of business strategies, crisis management and data regulation, and examining how technology is changing how businesses run, as well as engaging with their customers, employees and suppliers by creating effective strategies and finding the right solution or solution partner to implement.

About the author
David Clarke

David Clarke is chief technology officer/CISO of data protection and cybersecurity company The Trust Bridge, and is a highly experienced chief information security/cyber security and global data regulation management officer. He is the founder of GDPR Technology Forum, with over 25,000 members. David created a global infrastructure for the world’s largest private trading network, trading $3 trillion a day, and has managed multiple global security operations centers. He has been recognized as one of the top 10 influencers by Thomson Reuters and top 30 most influential thought-leaders and thinkers on social media, risk management, compliance and regtech in the U.K.