RegisterONE and GDPR
In the United States, there are two important laws that we follow: the Privacy Shield Framework, which covers transatlantic commerce between the European Union, Switzerland and the United States (https://www.privacyshield.gov/welcome), and the California Consumer Privacy Act, which protects consumer privacy (https://leginfo.legislature.ca.gov/faces/billTextClient).
These laws focus on an individual company's responsibility to protect the transfer of personal information and data from consumers to any entity sharing their personal information, on inhibiting the collection of personal information from minor children who are unable to give consent, and on establishing an enforcement agency to enforce the laws when they are not being followed by said companies. In other words, we only collect the information we need to process specific requests, and we eliminate the data when it is no longer required or when the consumer asks us to amend or delete the information. Period.
About the Entities of GDPR
The European Union has also issued the General Data Protection Regulation (GDPR) https://gdpr-info.eu/. This nifty little piece of legislation identifies three key parties (if applicable). They are:
- Data Subject = the person or company submitting personal information on a form
- Controller = the entity who uses the personal information to provide a product or service
- Processor = the entity that provides the means of capturing and storing personal data
Each has a distinct part to play, and a different set of rules and regulations to follow.
In a nutshell, the data subject (Client Business Contact or the Exhibitors, Attendees, etc.) has a right to know why they must provide the information requested (purpose and transparency), the safeguards in place and what information has been collected (right of access), and what they can do if they wish to rescind access to their information (rectification and right to be forgotten, with caveats). They also have the right to know why their rights may be restricted in any way (national security, defense, public security, etc.).
GDPR: Controller vs. Processor
The “Controller” or Primary Client (i.e., expo, trade-show or conference organizer) decides what personal information and data they gather from individuals and for what purpose. They are also solely responsible for how the information is used within their organization. All roads lead to Rome, so if a Client Business Contact wishes to amend or rescind information they have expressly given, they must first contact the Primary Client to initiate the process. RegisterONE is then notified to restrict personal data to this Primary Client from this Client Business Contact.
RegisterONE is the “Processor” and acts as the bridge, or go-between, for the Primary Client (Organizer), the Primary Client Contact (Exhibitors, Attendees, etc.) and any other entities they do business with and connect with through the RegisterONE Platform. We process the personal information or data on behalf of the Primary Client, but we do not use the personal data or information we gather, except where applicable by law.