Peddling myths to harry the innocent

Like wasps to a pot of jam, the buzz of experts rushing onto the GDPR bandwagon is incessant. Leading cyber security entrepreneur Jane Frankland posted just two days ago ‘Can we really trust GDPR Products, Services and “Experts”?‘ and I found myself agreeing with much of what she said.

Given that a good deal of my time at the moment is spent trying to understand the GDPR and how it applies to clients mainly in the B2B events and publishing industries, I have trawled my way through lots of different articles from “experts”. My current role involves a constant picking apart of the legislation to understand how it applies to the nuances of individual organisations and their business operations. There is lots of great advice from the ICO and the DMA but the scope of what these bodies are covering is vast and much of it is generic so it is important to supplement their information with more specific details from elsewhere.

This research process does occasionally throw some complete curve balls, and today served up an absolute belter. While looking for insight into double opt in I came across the following comment in a blog by a Marketing Automation company:


Take a really good look at the last sentence in the first paragraph… Yes – you are reading it correctly – apparently people who attend B2B exhibitions are so naive that when they give a business card to a company on a stand they don’t think this is for marketing (i.e. contact about products and services) purposes and it’s the last thing they want. Really?! If you are having a chat with a sales rep at the bar and you give them your business card, are you just expecting them to add you to their Christmas card list or would you be more than a little surprised if they called you up to ask you if it’s OK to email you about the product you were discussing with one another? Surely personally handing over a business card is the most unambiguous form of consent there can possibly be…

I’m not entirely sure where the writer of this article has been hiding, but patently they have zero understanding of the way networking happens and business relationships are built. If you aren’t interested in a product, or you don’t want to be contacted by someone, you don’t give them your business card in the first place. They also haven’t grasped that in many instances business cards aren’t exchanged at B2B exhibitions; there’s this really cutting edge technology called a scanner where visitors voluntarily allow their personal data to be collected by the company whose stand they are on with a data protection notice already printed on the badge telling them not to do it if they don’t want to. Nor, I suspect, do any of the authors of the GDPR legislation intend it to hamstring business interaction in such a draconian way.

Double opt-in or confirmed opt-in is another favourite of this same marketing automation ‘expert’:


Now, there is some merit in a double opt-in process, as described by Mailchimp:


The above describes clearly how double opt-in is a mechanism for keeping your data clean and relevant, saving you time and money. As opposed to the previous one which is peddling it as a legal necessity. Think about this – some commentators say you need double opt-in because someone might be signing you up for multiple porn sites as an act of revenge – but chances are that if they are vindictive that person also knows how to access your email account or the stream of ‘please confirm your subscription to …’ emails will cause more than enough distress. In the B2B context, is this likely?

If you are following the pathway to GDPR compliance, you should have a very clear ‘opt in’ statement on your data collection forms at the point at which the data is collected as specified in Article 7 of the Regulation. In my humble opinion this is sufficient proof that someone actually intended to sign up for an event/requested to receive a newsletter/asked to download a piece of content. Given that at every contact point from there on in, the recipient is able to opt out again, suggesting that double opt-in is mandatory is a mendacious attempt to extract fees for unnecessary services from credulous companies who have not had the time to study the legislation in detail.

GDPR will affect your organisation in one way or another, and undoubtedly you will need help along the way. But please, let common sense prevail, and make sure that you filter the advice you are being given according to the agenda of the person giving it.

Advertisements

Event businesses risk all

Leading law practice Irwin Mitchell have recently conducted a survey of 2,129 senior decision makers within business and the results are pretty astonishing.

With just under a year to go until implementation, only three in every ten have started to prepare for GDPR and 35% are unaware of the new rules, including fines for data breaches.

You would like to hope that one sector at least, marketing and advertising, would be completely up to speed; but no, only 34% admitted in the survey that they were aware of the GDPR and 17% admitted that the maximum punishment would force them out of business. Given that event companies are often included in this sector, it would not be too much of a stretch to apply the findings to them as well.

We do need to reign back on the worst case scenario a little, because it is the job of law firms to paint the picture as black as possible, but there is no doubt that any organisation that is not taking the legislation seriously could find themselves in dire straits. The fines are likely to be at their largest for those which cannot demonstrate the measures and processes they have taken to keep data secure and the mechanisms for spotting a data breach.

Firstly, what constitutes a breach? Essentially this is an incident where there is an impact on an individual’s privacy. At one end there is a wholesale hack of customer data, at the other a confidential letter put into an envelope addressed to someone else, with the downloading of un-encrypted data onto an unprotected laptop somewhere in between. Not forgetting of course, the member of staff who leaves you to go elsewhere taking your sales/marketing database with them. Where this begins to impact the business is that in certain instances you need to report the breach to the ICO within 72 hours.

So, if you can’t identify that you have a breach, possibly because you don’t know where all of your data is, how are you going to report it at all, let alone within three days? If you, like 63% of the marketing and advertising companies in the survey, aren’t confident that you can notify the relevant stakeholders within the timeframe, then you are automatically putting yourself in the frame for a fine.

Plus, just being able to identify and, potentially, report the breach isn’t the end of the matter. There is a specified format for the type of information you will need to provide, including the number of records affected and your mitigation procedures. If your data isn’t secure, compliant, your contracts with your Data Processors cast iron and your procedures professional, not only could you be facing a financial penalty, but you could find your business tied up in knots for a considerable period. If you are running a really lean operation, this could prove catastrophic.

Keep Calm & carry on emailing

As a data focussed company, getting to grips with GDPR is an imperative for Circdata. Having begun the lengthy process of conducting their own Data Impact Assessment under the terms of the Regulations, it has becoming increasingly clear what the implications for their clients are.

Another thing that has becoming increasingly clear is the number of misconceptions, and how, with such an enormous and broad piece of legislations, things can quickly get lost in translation.

It would be correct to say that the regulatory authorities and industry bodies are clearly focussed on the major players (or miscreants). A data breach by an internet provider, a financial institution or healthcare provider, or data misuse by a leading charity create unattractive headlines that only serve to bolster public mistrust of the direct marketing industry. Consequently these are the key industries which are currently being subjected to the most exacting of scrutiny.

Anyone involved in the B2B marketplace would be forgiven for self-interpreting the messages they are receiving as ‘business as usual’. But this is very far from the case because that advice is undoubtedly based on practices which aren’t currently being followed.

The events and publishing industry operates on a quid pro quo basis i.e. you give me your data and I’ll give you something in return, e.g. a free subscription to a magazine or entry to my exhibition. It’s a mutually beneficial arrangement. For the purposes of DPA, and now GDPR this would be considered to be a relationship operated under Legitimate Interests, i.e. there is a relevant and appropriate relationship between the individual and organisation.

Within the status of this relationship, an individual must reasonably expect that they will be sent further offers after they have signed up for a company’s product/service, even in the case of a paid for subscription. The individual must be told this, and given the option to ‘opt out’ at any point if they no longer wish their data to be processed in this way.

It isn’t all good news however. If you have been processing your data under Consent (i.e. you’ve been using lots of little tick boxes) then you are not permitted to claim processing under Legitimate Interests post implementation, so you still need to get your data in order before 25th May 2018 to continue using it. And, if you continue blasting your databases with masses of inane email messages then your opt-out/unsubscribe rates are going to rise – so it is time to reassess this strategy as well.

Meanwhile, remember that for most organisations, marketing permissions isn’t the thing you should be most worried about where GDPR is concerned. Your data security is. As one speaker at last week’s EventHuddle put it:

Remember that the minute you download an unsecured spreadsheet of Personal Data* onto an unsecured laptop you are in Breach

If you are still permitting data to migrate through your organisation via Excel, with no checks and balances on who can see it, then this statement should send shivers down your spine.

*Personal Data – any information that identifies an individual person.

Cutting through the cacophony of GDPR

Childrens party2So you just received yet another email from someone telling you ‘everything you need to know about the effects of GDPR’. You click on it, hoping that this time it will actually give you some guidance about what you can and should be doing. But oh no – it’s yet another person/company who has done a cut and paste job and that hard to decipher legalese is all still there on every single one of the 30 pages or more.

Sigh…

Having spent considerable amounts of time recently working through the 99 articles and 173 Recitals that make up the Letter of the Law, I can tell you it is a tricky old bit of legislation to get your head around. But it isn’t impossible.

Firstly, if this is the first you have heard of the GDPR then you are a little slow on the uptake. We’ve known it has been coming since 25th January 2012, with formal adoption starting early last year – so we’ve had a year of the two year transition period already. You’ll hear some people say that full details around the legislation are not clear – but that’s not true. The majority of it is set and it is just the greyer areas where more guidance is required that are being ironed out. So you can’t really use that as an excuse not to get a grip on it now either.

So what do you need to do? Don’t panic. Event companies are unlikely to hold Sensitive Data as defined in the Regulation. Nor are you likely to have lots of Data Subjects wanting to utilise the Data Portability option, or Subject Access Requests for that matter.

My suggestion for your first step towards GDPR compliance is to appoint someone to take ownership of the task. They are going to have to take a few things out of that notorious Too Hard box, so they need to be someone who is dogged in the face of obstruction and obfuscation. They need to have the ear and support of a member of the senior management team. And they need the discovery skills of Sherlock Holmes.

As soon as possible they need to make a list. And if your event company is anything like some of the ones I have worked with over the years, it is likely to become a very long one. Because this list is going to have to cover Every. Single. Database. Yes, every spreadsheet, .csv file, filemaker, Salesforce file on every laptop, computer and server that contains personally identifiable data. They need to know:

  • Where it is stored
  • What data it contains (i.e. fields)
  • How many records
  • When it was created
  • When it was last used
  • What is it used for

It’s not a pretty job. But this is your starting point. Until you know how much data you have, who has access to it, where it is kept and how much use it is, you will have absolutely no idea what solution you need and how much time it is going to take to become GDPR compliant.

So, don’t worry about the details of the legislation right now. That isn’t going to change any time soon. Just start with this one task and it will create your roadmap to compliance.
Hellen @missioncontrol

Getting to know you…

as2_4391

Like the medical profession, familiarity is a crime that many event organisers are guilty of.  Not in the sense of being over-friendly, but forgetting that the visitor does not experience an event every day, nor do they spend many waking hours planning, discussing or thinking about every minute detail of how the spectacle is created and produced.

Often our only communication with the visitor is via their credit card or post event survey. In the latter we are frequently more interested in creating statistics that look good on the sales brochure than actually finding out how the experience matched up to their expectations or what they would suggest to make things better.  After months of preparation, it’s all to easy to hide away in the organiser’s office during the live period, safely out of reach.

Events are unique in that there are very few jobs where staff come face to face with every single one of their customers. And, because of our tendency to hide ourselves away, it means that more often or not it is the ones with grumbles who force their way through. Sometimes it can feel like a constant barrage of complaints, and more often than not it is a junior member of the team with little or no customer relations training or experience left to deal with it.

Success comes with knowledge, and experience tells me that the best way to get this is by making yourself available. Interacting with visitors and exhibitors throughout the opening hours, making small talk and asking them what their motivation for attending is. It also gives you the opportunity to explain areas where they believe there are shortcomings. Nine times out of ten there are clear explanations for perceived issues which the visitor has not considered and is happy to accept.

But perhaps one of the key benefits of this approach is that you get to speak to happy people, those who are thoroughly enjoying every moment, who feel like they are getting value for money and an experience they will savour.

Hellen @missioncontrol

 

Dynamic pricing for events

imagesBack in June last year, for reasons known only to parents of other participants at the 23rd World Scout Jamboree, I found myself in a very long, snaking queue at Earls Court, London. Not only was it the longest line I have ever experienced for a venue based event of any kind, but it was also the first time I had ever waited alongside Ninjas, Lolitas and other cosplayer characters. I was seriously considering paying extra for the Sake Experience.

All of this aside – one of the key experiences for me as an event professional was the ticket purchasing process. Dependent upon when I went onto the booking site, the cost of attending the event would change, so that I was left with the feeling that the tickets could only get more expensive. Now this may not have been a deliberate ploy, i.e. there may have been a human being sitting in the back room changing their minds on a regular basis with a view to managing crowds and income, but there is no doubt that it encouraged me to part with my money sooner rather than later, even though no early-bird discount had been announced.

With this in the back of my mind I read a very interesting piece by Mark Ritson on dynamic pricing. Appearing in Marketing Week magazine, the article took many examples from consumer marketing but one particular passage is very pertinent to event organisers:

…most prices are set with a reckless disregard for event the faintest whiff of analytics. Pricing remains an entirely amateur confection in most cases. Equal parts bingo and voodoo.

For an industry that has really got to grips with the absolute intricacies of dynamic pricing you need to look no further than the airlines. Sophisticated technology enables them to ensure that every seat on every flight is delivering the best possible fare, determined by time, route and demand.  These processes are changeable, enabling them to charge significantly more for just a handful of tickets, manage the volume of promotional fares available or create premium pricing on popular flights. My industry source tells me that sometimes the profit on a flight will come from the sale of the very last seat, so you can see how important this intelligent approach to pricing is.

In marketing terms, what airlines do is to announce that tickets are available from a certain price which gives them the flexibility to change according to demand. Now that most event booking processes, even for the premium rate conferences, are online and conference brochures publishing prices are rarely printed, there is a greater opportunity to change pricing according to demand. For consumer events, analysing the ticket purchasing cycle would allow clear parameters to be set regarding the number of promotional tickets being made available or indeed when to raise the ticket price to manage demand.

Any event can be sold out.  The trick is to ensure that this happens with the optimum amount of revenue achieved. This is usually measured by performance against budget, but would it not be better to measure it by price v demand. It is one thing to have sold out, quite another to have done so too cheaply and too quickly. Dynamic pricing would also give a real marketing boost in terms of attracting loyal visitors to come back time and again. These individuals could be offered a ‘club’ membership where they can book tickets at a guaranteed price regardless of which day they want to attend while everyone else would need to get their skates on to get the lower prices.

Back to Hyper Japan.  Not only did the ticket prices fluctuate, but they also kicked you out at lunchtime on the most popular days.  Which meant that if you wanted to spend your whole day looking like a character out of a cartoon, sorry – anime, series you had to pay twice…

Hellen @missioncontrol

Eventex: My Five Takeaways From Sofia

As always some fantastic thoughts from Michael Heipel taken from his own attendance at Eventex.

It is very easy as event organisers ourselves to be hyper-critical of the events which we go to, or to get stuck in a rut with what we are providing to our potential audiences. Michael describes a great meeting design seminar which looks like it will have provided some real food for thought and hopefully some action plans on how to rearrange our meeting environments to make them as good as they can be for our delegates.

Michael also touches on a topic which we covered a short while ago about technology – he comments “There is a thin line, though, between offering tools for enhanced audience engagement and networking – and asking too much both of the speakers and the delegates.”  Great technology really does enhance an event experience, but only where there is a defined need or identifiable improvement in service provision.

EVENT MARKETING BLOG

Blog

They say, when you attend an event, and you take away at least five things that you learned – or five people that you met who will potentially play a role in your personal or professional life – then it was a good event for you.

Well, according to that yardstick, Eventex in Sofia was a fabulous event!

Not only have I met lots of great people (speakers, tech providers, attendees, all of them Eventprofs). There are at least five takeaways that will definitely influence the way I go about event management, and they will also have an impact on the way I do consulting and training for event organizers .

What were the most sticky learnings from my personal perspective?

View original post 1,067 more words