Stefan and Chris from Akkroo discuss the imminent arrival of the General Data Protection Regulation (GDPR), and the effect it will have on how organisations collect, process and store leads from trade shows and events. Are current methods of lead capture up to scratch? How will they be affected by the new regulation? How should you prepare?
How will the GDPR affect Event Lead Capture: a conversation between Chris Wickson, CEO, Akkroo [C] and Stefan Cordery, Marketing Manager, Akkroo [S].
S: Hello and welcome to The Big Event. I’m Stefan from Akkroo and joining me today is Chris Wickson, the CEO of Akkroo.
S: Hi Chris. So what are we going to be talking about today?
C: So today we’re going to be talking about the General Data Protection Regulation – GDPR. We’re going to have a quick overview of what that actually means, we’ll look at the different methods businesses use to gather leads at events, and then we’re going to discuss what we think the impact of GDPR will be on those methods.
S: OK, well, let’s kick things off then. Set the scene for us.
C: So, the General Data Protection Regulation, GDPR, was actually approved a couple of years ago now by European Parliament, but it comes into effect here in the EU on the 25th May of this year, 2018. It’s safe to say that GDPR will impact every single business on the planet that collects, processes and stores data of EU citizens, so the reach is pretty widespread. It’s ultimately been designed to protect and enable EU citizens to have much greater control over their personal data and provide much greater levels of protection for privacy and against data breaches in this increasingly data-driven world that we live in.
S: Interestingly you said there that it’s coming into force May 2018, but it has been around more or less two years hasn’t it, and it’s definitely been part of our conversations quite a lot, and that’s why we’re talking about it today as we lead up to that. So perhaps you could explain a bit more at a high level what it means for businesses.
C: Yeah, sure. Well, ultimately the GDPR outlines a set of regulations, rules, processes, responsibilities that organisations must implement to ensure compliance with GDPR – ultimately designed to protect that EU citizen’s privacy of their data. There’s a key part to this that is around consent – any data that is collected, processed and stored must be done with clear, unambiguous, explicit consent by that individual.
S: OK – and the fines, the consequences for getting this wrong, or not complying are pretty big.
C: Exactly. Failing to comply with GDPR will result in fines of €20 million or 4% of global turnover – whichever’s higher. On top of that, there are also fines, for example here in the UK, by the Information Commissioner’s Office – the ICO – they can add fines on top of that for any data breaches and that type of thing. So the implications of getting this wrong are big.
S: Yeah, and you only need to get it wrong once really, and it could be the end for your organisation or business. Alright, so, why exactly are we focusing in on this today – what are we talking about?
C: Well obviously in our world – the world of events, exhibitions, trade shows – now clearly these involve the handling of huge amounts of personal data from pre-registration prior to the event, to on-site lead capture (obviously the world we live in), to the whole post-event processing of that data, so GDPR is really big news for the events industry. Obviously, from our perspective, we’re really interested in that interaction that takes place at the event between the exhibitor, sponsor, on the stand or booth, and the attendee – and that transfer of personal data that takes place there.
S: So we’re talking about the process of how businesses collect information, and the tools to do that, basically.
C: Yeah, exactly. I mentioned this word ‘consent’ earlier, and that is one of the keywords at the heart of GDPR. Consent has to be given by an individual to a business, and it has to be – there are five key rules:
– Freely given
– And include the right to withdraw at any time.
So if we think about this from a lead capture perspective, as a business exhibiting at a show collecting information from attendees, you as a business will have an absolute obligation to ensure the attendee is absolutely clear on why you’re collecting their details, how you’re doing that, what you intend to do with that, how you’re going to store that information and keep it secure, and they must be providing their explicit consent, their unambiguous consent via opt-in. So that’s why it’s important.
S: Alright, well, this all surrounds how you collect that information. So in front of us, I see some props that exhibitors will probably be quite familiar with because they will have used one, or if not all. Let’s kick off with this one, the good old clipboard and paper form.
C: Yep, exactly – the classic paper form on a clipboard, handwriting. As a method, in one sense it does allow you to completely configure the form as a business, to gather the information you need. It’s very clear for the attendee what information you’re gathering from them, and you can obviously be very clear on what you’re doing with that information and include those opt-in statements that you need – it can’t be opt-out. And you could obviously gather a signature, things like that, so to some extent, it does allow you to gather that consent that you need to do, but clearly in 2018 paper is not something we’d be advocating. There are huge amounts of consequences of using paper, from trying to transcribe handwriting, to security, to taking paper forms from an event back to the office to get that information, so as I say, in one sense it does allow you to gather that consent that you need, but clearly there are lots of other flaws, lots more effective ways of doing this than relying on paper in this day and age, this digital age that we’re in.
S: Yeah, I think it’s mainstay, it’s quite an easy method of collecting information and getting set up, but I’ve definitely been on the other end where sales reps have come back from a show, there’s a big stack of paper forms, you’re transcribing them, it’s taking ages… There’s business cards that were stapled and now are no longer stapled, so it’s not a fantastic method by any means. Alright, so there’s that one, and then we’ve got this one here, another familiar sight on trade show stands – the fishbowl with business cards. Let’s talk about that.
C: Yeah, so I think business cards are a bit of a grey area when it comes to GDPR. I think as a standalone method of gathering information and consent, all the things you need to do to ensure compliance with GDPR, this is not good enough. Simply putting a business card in a fishbowl as the attendee or as the exhibitor doing this – you don’t know if that person has simply entered a competition, have you spoken to them for half an hour and are they a well-qualified hot lead that you want to take action with. Is the attendee really clear about what you’re going to do with the information in that fishbowl? Are you going to put a wraparound paper form on there with your T’s and C’s… I think things like this are impractical, so as a standalone method simply relying on a business card in a fishbowl I don’t think will give companies the protection they need when it comes to GDPR and the opt-in and consent.
S: I think it’s a risky method as well, because people are used to seeing these in settings other than events – you know, you go to a bar, restaurant, you’ve got one of these by the till on the way out and you just get used to putting a card or your details in there to enter a competition – that has implications of its own. People just get used to putting their card in, and it’s not a great method. OK, so moving on, another one – everyone gets a badge at a trade show event, but the badge scanner – you scan the barcode on there, the information’s saved somewhere – let’s talk about that.
C: I think you could also include in here event apps provided by the organiser, we can talk about these together. So what we’re talking about here is attendees registering for an event maybe six, nine, twelve months in advance, providing their information to the organiser, and then as an exhibitor relying on the organiser’s systems, their hardware, their tools, and their data that they’ve collected for your lead capture, and that’s where I think some of the challenges come, particularly thinking about GDPR. Simply scanning a badge, you are completely reliant on that information that was gathered by the organiser – you have no clear idea of what consent has been collected, and for the attendee, they may not remember what information they provided six months ago. They’re certainly not clear what you intend to do with their data by simply scanning their badge. Event apps are a step forward because they do allow some configuration and allow, perhaps, people to gather the opt-in and consent in the app, but there’s still that challenge of a disconnect with existing systems for a business, and also that reliance on a third party to gather your data for you. Which again, around GDPR, these are some of the big things that a lot of our customers are questioning. And the resounding messaging we’re hearing from speaking to lots of businesses and their legal teams is that ultimately, the sole responsibility for gathering consent has to lie with the exhibitor and that interaction that takes place between them and the attendee on the stand.
S: Some great points there. I’m actually going to an event in two weeks’ time and I registered for my badge for the event, now because in my browser I’ve got autofill I just went through and all the information went in and I didn’t really pay too much attention to that. And I think if other people are going to have that if you’ve got people signing up with incorrect information all the time, just so they can get into the event and go and speak to people and know that they’re not going to get hassled, this is going to happen again and again.
C: Yep, we hear that time and time again from companies and that’s their experience they often have or big gaps in the data that they get back from simple badge scanning.
S: OK, well collecting correct information – whether it’s by business card or by badge scanning – this is exactly our space at Akkroo. We help organisations around the world collect their leads easily, but also compliantly as well. As a business, GDPR is creating a lot of opportunities for us because organisations out there are really having to put the spotlight on what they do at these events and how they collect data. So could you perhaps explain a little bit more about that?
C: Yeah, sure. At a very high-level Akkroo is built for you, the exhibitor, the business that is regularly exhibiting at trade shows, exhibitions, congresses, rather than the organisers. So that’s where we’re different to organiser-led tools that they might provide you with. Ultimately, in our view, the Akkroo app and our system is an extension of your existing marketing automation or CRM systems. It’s used on your own hardware, it’s configured the way you need it with all of your own opt-in and privacy statements built-in to there and crucially connected back into your existing marketing, CRM systems. So it enables you to obviously gather exactly the information you need, the opt-in, clear and explicit consent on the show floor, and then get that data back to where it needs to be, followed-up quickly in the right places by the right people.
S: OK, well we’ve talked a bit about GDPR and the effects on event lead capture. Hopefully, we’ve equipped you with enough to know about the subjects. Thank you, Chris, for joining us today and talking through that. Before we wrap up, is there anything you’d like to mention or talk about?
C: Yeah, I guess just to summarise – as we said right at the start the actual regulation was approved a couple of years ago, so businesses have had a two-year runway to get themselves in a good place for this. Hopefully, people watching this, this shouldn’t be the first time they’ve heard of GDPR. We like to think we’ve given people some food for thought – these are the types of questions our clients are asking within their businesses, so hopefully, we’ve given people some good ideas of some things they should be questioning around how they’re currently doing things. And whilst, as an overarching thing, GDPR is obviously quite complex and does impact all parts of the business, when it comes to events and event lead capture, it doesn’t actually need to be complex. As long as you’re doing the right things and using the right tools, and gathering that consent, businesses are going to be in a great place from an event perspective.
S: OK, well great advice. Again, thanks for joining us, and hopefully you’ve enjoyed this episode. What we’ve done is we’ve transcribed everything so you can download that after the podcast. We’ve also prepared that with some other great information on a website that we’ve just launched called GDPRforevents.com, and that’s going to be a resource page where you can download great content surrounding what we just talked about today. So I think that’s everything, and we’ll see you again next time on The Big Event.
C: Thanks very much.
S: Bye for now.
Did you enjoy the podcast? You can stay up to date with all of our latest episodes in a number of ways: