Plus4Group - Who we are

General Data Protection Regulation Why Data Matters

Co-founder of Plus4Group Teresa Ward talks about the context and value of data and explains why the World Economic Forum says just like oil, in its rawest form, data is almost useless. But when it is refined it can be turned into something much more valuable and that's exactly why you should care about your data and that of your customers.

Is data important?

This is a difficult question to answer as things like name or address on their own don't tell us very much, but start putting it all together and you start building up a bigger picture about that person. Clive Humby https://www.dunnhumby.com/ said that 'data was the new oil' and the World Economic Forum comments that 'just like oil, in its rawest form, data is almost useless. But when it is refined it can be turned into something much more valuable'. https://www.weforum.org/agenda/2015/08/is-data-the-new-currency/

Compiling people's data results gives a much better insight into how people with similar homes, cars or interests will act and then data becomes very powerful. Facebook will use information like the square footage of your house, the value of your house, the length of your relationship (or lack of) and whether you are away from home to target your tailormade advertising to you. If that's not a scary use of your data, then I don't know what is. However, there is a downside to all this "There are very legitimate fears about the use and abuse of personal data online - for instance, by foreign powers trying to influence elections" Amol Rajan, BBC http://www.bbc.co.uk/news/entertainment-arts-41559076

There is the 'network' effect - the more people you sign up to your apps, the more attractive it becomes to others and the more information you can gather. Take Tesla for example. The more data Tesla can gather from its self driving cars, the safer they become as the 'learnt behaviour' of the first cars develops the performance of the later cars. The more cars, the more data and the safer they become and size becomes an a safety net.

Companies strive for size and growth to protect their intellectual property by becoming large enough to take over any competitor that might steal its market. Facebook bought up WhatsApp to ensure that anyone tempted to use that app would have their data drawn into the Facebook family. It also allowed Facebook to use whatever technology WhatsApp used in its app and either copy it or cease its development. Size enables you to take out the competition. While an effective monopoly is good for the company, it's probably not in the best interest of the user.

Data's the new currency

The World Economic Forum has concluded that data is, in fact, the new currency https://www.weforum.org/agenda/2015/08/is-data-the-new-currency/ With more Internet of Things connected to the internet feeding back all sorts of useful data about use, location, activities, the companies collecting this information will become all the more powerful. The trade off for the individual is handing over data about their activities for more impressive upgrades and connectivity.

Forbes https://www.forbes.com/sites/forbestechcouncil/2017/08/08/how-to-implement-the-new-currency-data/#41af3b5d16c8 argues that the economy has transformed from being one of trading physical products to the present day building relationships with our customers based on the data that had been collected.

What's the value of data

'What is the value of data?' is a very difficult question. We can look at it from three perspectives; that of the individual, companies and finally, legislative organisations or governments.

As individuals, we join online social media groups, very rarely read the Terms and Conditions and certainly don't keep up-to-date with them and then don't understand how the algorithms work when companies start using our collective data. The power of data is not in its raw form but when it's collated to be analysed and then channelled back to us, either for or against us.

In the case of the individual and relating to the above mentioned legislative organisations or governments, GDPR is helping the EU to look after its citizens more effectively and say to the companies collecting this data that this information should only be used for the purposes for which it was collected. It does make you wonder whether the targetted advertising that Facebook carries out at the moment will be allowed to continue, whether the company will have to have opt-in clauses to allow its algorithm to market to you. The European Union is not the only collective that is investigating this problem. India has also taken similar steps and has recorded a judgement enshrining privacy as a 'fundamental right'

The companies are the winners here. According to the World Economic Forum, https://www.weforum.org/agenda/2017/09/the-value-of-data/ the world produces 2.5 quintillion bytes a day with 90% of this having been produced in the last 2 years.

This article outlines the different types of data:

  • Data: this is the raw stuff; basic subscriber information, transactional data (IP addresses, device information) and content data
  • Content: is the substance and/or meaning of the communication
  • Information: this is the data combined with content and processed and analysed to give it some meaning.

It is this final one, 'information' that is important to companies and governments, when you are talking about providing services to its citizens, and enables it to make decisions. This is all big money, as according to the EU, the value of personalised data will be one trillion Euros by 2020. McKinsey reports that companies that use information have success in sales (85% more than rivals that do not use information) and gross margin (25% greater than their rivals), so this is definitely big business https://www.mckinsey.com/business-functions/mckinsey-analytics/our-insights/capturing-value-from-your-customer-data

Data privacy in events?

In a word, essential. If your app becomes associated with a data breach, the reputational damage will be immense. But, saying this, Ashley Maddison the extra-marital affairs website has now recovered after its 2015 data breach and is now growing its revenue by 16.7% in the UK and 18% in Canada. So, even if discretion is absolutely necessary, a company can recover if its providing a service that people want, and clearly, extra marital affairs made easy is something that's valued by its members.

I would say that in the event industry, no one is above a data breach and that its essential to keep your data safe. Consider the type of data that your delegates will need to give you for the event to go ahead; their dietary requirements, car registration number, home/business address, payment details, and this sort of information is something that needs to be stored safely.

Part of the GDPR compliance is just collecting what you need and nothing else. Attendees worry that they have to divulge too much information to register for an event and if you think this is the case for your event, offset this with something that the delegate can gain in return. And make sure that the attendees know who will receive the data (will it be the exhibitors or the venue for example) or what will be in it for them. There has to be a trade that is worth their while. The use of third parties and their access to the data has to be thought through and you will need to gain consent for your attendees data to be passed on to be used by others.

Common GDPR myths

Myth 1 - GDPR doesn't apply to small businesses
There are lots of common myths floating around about GDPR. One is that it only applies to large businesses, which is incorrect. It applies to any business that holds data on European citizens of any size 'Regulation is necessary to provide legal certainty and transparency for economic operators, including micro, small and medium-sized enterprises ...' https://gdpr-info.eu/recitals/no-13/ but the Regulation does allow for lesser record keeping in organisations under 250 employees.
Myth 2 - a GDPR course will make your business compliant
There are no courses that can certify you or your company as being GDPR compliant http://www.davidfroud.com/there-is-no-such-thing-as-gdpr-certification-yet/ The ICO will have the power to approve any GDPR certification courses, but they have not done so yet. Joe Curtis writing in ITPro also supports this view http://www.itpro.co.uk/it-legislation/29635/gdpr-certification-what-is-it-and-do-you-need-it saying that the ICO will release a list of suppliers that will be able to help but this hasn't yet happened nor have they set up their own certification body. He poses the question of 'Are any GDPR certification schemes worth the money?' and his answer is 'no'. Certificates are around but they are based on the National Cyber Security Centre's Cyber Security Standard.
Myth 3 - big fines for transgressors
Elizabeth Derham confirmed in her ICO blog https://iconewsblog.org.uk/2017/08/09/gdpr-sorting-the-fact-from-the-fiction/comment-page-1/ that under the GDPR, the ICO will have the power to impose larger fines, but that the Regulation is actually about protecting people's data and ensuring, as far as is possible, that data security is the focus and not the fines.
Myth 4 - May 2018 is over, we can forget about GDPR
GDPR is not just a hurdle that you had to leap before May but something that should be kept in mind when handling customers' data at all times. Elizabeth Derham, ICO, https://iconewsblog.org.uk/2017/08/25/gdpr-is-an-evolution-in-data-protection-not-a-burdensome-revolution/ stated that companies need to have secure systems in place for the data that they hold. This should evolve as technology changes and new ways of securing data are brought into the mainstream. The over-riding principles of processing data fairly, securely, accurately and with respect to the individual (the data subject in GDPR terms) remain.

EU GDPR and how we tackle it

Plus4Events has been designed with privacy in mind (Article 25.1) and the event managers decide what information is needed to run their event (Article 25.2). Privacy is very important to us and we assist you in making your event as data secure as possible. Review your contracts with third party suppliers to make sure it clearly states who is the Controller and therefore responsible for the data and if you haven't got this information in place, it's something to put on your 'to do' list.

The location of your data is important as well. To be GDPR compliant, it should be kept in the European Union. If you have third party companies, processors or sub-processors, you will need to check that they also hold your data in the EU. Plus4Events keeps its data in the UK and none of it is sent abroad. It's not held in a cloud owned by anyone else, for example AWS and never will be. Your data is too precious to us for us to mess about with it.

We do not, and never will, use your data for marketing. We will need to contact your delegates in relation to operational issues, but not for anything else. Unlike some other event booking sites, your data remains your data.

The GDPR requires a Processor to have policies in place and to have carried out a Data Protection Impact Assessment when designing the app. Processing activities have to be documented so that there's a record available if a data breach occurs. You can rest assured that Plus4Events has the correct policies and DPIA.