GDPR
The EU GDPR came into force on 28th May 2018, and the meetings and events industry was heavily impacted, due to the high amount of processing of personal data within the industry. GDPR is not only about the rights of event attendees / delegates, but reaches far within the organisation – it is a new way of thinking that puts data privacy front of mind.
On 1st January 2021, the UK formally left the European Union. In doing so, it created its own version of the GDPR, called the UK GDPR, which applies to individuals in the UK. Many event businesses now have to comply with both the EU GDPR (for data on individuals in the EU) and the UK GDPR (for data on individuals in the UK).
Smartec Business Solutions can provide a range of GDPR and data protection services with a specialisation in meetings and events, covering both the EU GDPR and the UK GDPR. All work is carried out by an accredited GDPR Practitioner whose details appear on the gasq.org database of accredited GDPR professionals.
GDPR Audit and Gap Analysis
For companies starting on their GDPR journey, or for those that have made a start, the following steps lead to a 'Gap Analysis' report, which highlights the current state of the company and compares it with GDPR requirements.
1. Start with an audit of all existing processes, policies, contracts and assets within the organisation.
2. Carry out a detailed data mapping and ‘gap analysis’ of all processes that handle PII data. There is no easy way of doing this – it will often require input from different department or division heads.
3. A report will summarise the current position of the organisation, and present a plan to become compliant with recommendations for priority areas.
4. Any remediation work required will be carried out, either internally by the organisation, or with the help of Smartec or other 3rd parties.
For more information, call Smartec on +44 (0)7917 451677 or email info@smartecbs.com
Pricing Options:
Smartec Business Solutions offers the following GDPR Compliance options for steps 1 to 3 above:
Option 1 – a 3 day package that consists of 2 days onsite, followed by 1 day of analysis (or the other way around, as necessary), resulting in a report and a compliance plan. This is charged at £1,990 + VAT, with all expenses additional.
Option 2 – a 5 day package that consists of 3 days onsite, followed by 2 days of analysis (or the other way around, as necessary), resulting in a report and a compliance plan. This is charged at £2,990 + VAT, with all expenses additional.
NOTE: Where branch or international offices are involved, additional days may be required.
Both options will require key personnel from all departments to be fully engaged and available for discussion. These include senior management and the heads of Operations, IT, Sales and Marketing, Finance, etc.
Virtual DPO
A DPO (Data Protection Officer) is mandatory for some companies but recommended for those that process large volumes of data, such as those in the event sector. A DPO is a data specialist who will provide the following services on behalf of the client:
● provide virtual advice and guidance on GDPR compliance
● review the client's current state of GDPR compliance, and any policies, procedures and documentation in place
● advise on data protection impact assessments (DPIA)
● provide advice and guidance on responding to data subject requests
● support the client with any training and awareness programs required
● monitor compliance with GDPR and advise on regulation changes
● conduct regular reviews
● cooperate with the supervisory authority and act as the client's contact point
Pricing Options:
Smartec Business Solutions offers a Virtual DPO service that is cost effective and scalable, depending on the changing needs of the client.
Option 1 - Virtual DPO for one day per month - £690 + VAT per month
Option 2 - Virtual DPO for two days per month - £1090 + VAT per month
For more information, call Smartec on +44 (0)1784 289974 or email info@smartecbs.com
Representative Company
Under the EU GDPR, any organisation which processes the data of, or offers goods and services to, EU citizens may be required to appoint a representative within the EU if it does not have a branch or office in the EU. This now also applies to UK businesses, now that the UK has left the EU.
Similarly, EU companies that offer goods and services to, or monitor the behaviour of, UK individuals may now need to appoint a representative within the UK, under UK GDPR.
And global organisations may be required to appoint a representative in both the UK and the EU.
Smartec can provide representative services for organisations that require a representative within the UK or the EU. This service includes:
● Act as a point of contact for the company in the UK or the EU
● Liaise with the relevant Supervisory Authority
● Acknowledge Subject Access Requests
● Review records of processing for individuals in the UK or the EU
● Prepare an annual activity report
Benefits of the service:
● Qualified GDPR Practitioners
● Experience in international business
● Cost-effective and scalable
● Specialised for meetings and events, so provides invaluable context
Costs start at £140 + VAT per month.