Simon Clayton: Just how long are you allowed to keep that data?

Simon ClaytonReftechTech blogData retention+-
Laptop-stock-new-resized.jpg

Simon Clayton, chief ideas officer at RefTech, on how long data can be kept, what can be kept and how to determine what’s safe to retain.

 

Two of the core principles of European data protection law, under both the old and new regimes, are that the data you collect must be relevant to the ways you are using it and that it must not be retained for longer than is necessary. Exhibition organisers should consider these two standards together.

 

Because every exhibition’s circumstances are different, there is no set rule on the length of data retention. Some data is only relevant for the duration of your exhibition, but other data may be relevant for years – if you can properly justify it as such. It is important for you to have a clear and considered policy and a rationale to defend the terms of that policy. You can, however, devise an acceptable policy by asking these questions about your data:

 

  1. Why do we need this data?
  2. How much will it cost us to keep this data?
  3. What value might it have in future?
  4. What risks are there in keeping it?

 

Under the GDPR (General Data Protection Regulation) you will need to explain your data retention rationale in your privacy notices and terms and conditions. It is not enough to simply guess what a good data retention policy, or its length, should be. You have to prove that you have created a valid policy through the appropriate evaluation process.

 

Organisers wishing to retain data for future use should remove sensitive personal data - information pertaining to health, disability, ethnicity, or religion - from those records. For example, you may retain the contact data for this year’s visitors in order to invite them back next year. However, you should not retain data such as requests for a kosher meal, a wheelchair ramp, or a prayer room, as associating these requests with individuals is retaining sensitive personal data.

 

The retained data must be also be used solely for its original intended purpose. For example, the list of attendees should not be sold to third parties after the exhibition if this was not explicitly consented to at the time of registration.

 

You should also consider where your data is kept. Leaving data on the internet is far less secure than storing it on an internal server that is properly protected and secured. But even then, don’t be complacent; only last week, it was reported that a data breach at large UK software company Sage may have compromised personal information for employees at 280 UK businesses. The breech is thought to be as a result of an “unauthorised access" of data held on an internal server by someone using an "internal" company computer login.

 

What should you do with data concerning a Code of Conduct violation at an exhibition? Unless litigation ensues, the identifying details of both the victim and the perpetrator should be deleted after a reasonable period of time. For example, it is acceptable for the organisers of an industry exhibition to maintain a secure list of individuals banned from future exhibitions for unacceptable behaviour at previous events, but it is not acceptable for the details about those incidents, or who they were directed against, to be retained with that list.

 

Following the deletion of personal data, an account of the incident, anonymised to persons X and Y, can be retained securely and indefinitely for the purposes of institutional memory.

 

For more information and advice on data protection within the events industry, download our free white paper:

 

www.eventreference.com/promo-www/datasafety/download.php

Simon Clayton
Posted by Simon Clayton
PopularComments
Twitter Facebook Google+ LinkedIn

Related Stories

AEO and SISO launch Independent Organiser Network

The Association of Event Organisers (AEO) and the Society of Independent Show Organizers (SISO) have entered into a reciprocity agreement following a meeting between their members last month.

Future releases interim results

Group revenue is up for media platform Future plc, which has released its financial results for the six-month period ending 31 March 2017.

ITE Group publishes interim results

ITE Group, the international exhibitions group, has announced interim results and the results of a strategy and business review.

Others on EN

Show or tell?

Show or tell?

Roopi Woodall, marketing manager at the QEII Centre, asks if the art of conversation on social media is dead – and how to engage with audiences if that’s the case.
You get what you ask for

You get what you ask for

Sue Berry, managing director at TimelessTime Ltd, discusses the importance of people metrics and measurable objectives.
The Anti Cyber Attack Checklist

The Anti Cyber Attack Checklist

Following the global cyber attack on 12 May, event tech supplier RefTech has compiled a checklist for individuals and companies to follow to help them reduce the risk of future attacks.

EN Awards Highlights

silverstream.tv

Most Read Stories

Fit for the 21st century

Fit for the 21st century

Andrew Harrison, ESSA director, says we should always fight to bring talent into the industry and encourage an appetite for success.
I'm a believer

I'm a believer

Sam Cande, group commercial director at Centaur Media, says no secret sales technique can compete with belief in a product.
Lourda Derry: Making the connection

Lourda Derry: Making the connection

Lourda Derry, director of Easyfairs UK addresses the science behind operations and the profile of our audiences.

Latest News

Industry reacts to Manchester Arena attack

Industry reacts to Manchester Arena attack

Following the explosion at Manchester Arena yesterday evening, which killed 22 and injured 59, associations and venues in the events industry have released statements.
AEO and SISO launch Independent Organiser Network

AEO and SISO launch Independent Organiser Network

The Association of Event Organisers (AEO) and the Society of Independent Show Organizers (SISO) have entered into a reciprocity agreement following a meeting between their members last month.
BRICKLIVE to partner with Toys R Us

BRICKLIVE to partner with Toys R Us

Lego event BRICKLIVE has announced a new partnership with toy megastore chain Toys R Us, which will be hosting a pop-up at the show.

Latest Features

Students: Pests or guests?

Students: Pests or guests?

It’s a question all organisers have to address – what should my show’s relationship with students look like?
Flying the nest

Flying the nest

Ever thought about going freelance? Do you have what it takes to go solo? Three event professionals tell EN their stories of building their own businesses.
Spreading the word

Spreading the word

With Global Exhibitions Day just a couple of months away, EN asks what three global exhibition associations are doing to celebrate this year.

Latest Galleries

Grand Designs Live 2017

Grand Designs Live 2017

The 13th edition of Media 10’s Grand Designs Live returned to ExCeL London from 29 April to 7 May, featuring more than 500 exhibitors across six key sections. Grand Designs star Kevin McCloud one again hosted the nine-day exhibition.
Insomnia60

Insomnia60

Over 50,000 video game fans from across the country descended on Birmingham’s NEC on 14-17 April for Insomnia60, the UK’s largest gaming festival.
A sneak peak at Somerset House's new event space

A sneak peak at Somerset House's new event space

Some of the industry’s leading event organisers were treated to an exclusive preview of Somerset House’s largest and most versatile indoor event space at an open house event on 19-20 April.