Orcula and GDPR

Understand the Impact of GDPR on Event Planners

The General Data Protection Regulations (GDPR) are a series of regulations protecting the personal data rights of European Union citizens. Enforcement began on May 25, 2018 and companies found in violation can risk penalties in the millions of Euros.

The GDPR regulations affect all event organisers with European Union attendees (and even marketing contacts).

Key obligations of meeting planners

Meeting planners have specific obligations under GDPR. Some of these obligations include:

  • To be able to demonstrate technical and organisational data protection measures for GDPR compliance
  • To receive and track consent from attendees to collect and process their personal data
  • Report any data breach to authorities
  • Adopt data protection by design and default
  • Only engage processors with GDPR compliant platforms

Orcula and GDPR

To assist meeting planners with their GDPR compliance, Orcula provides three key components:

Orcula Ecosystem

Orcula includes many services traditionally delivered by 3rd parties requiring data transfers

  • Enclosed architecture ensures all data resides in a single, highly secure database
  • The Orcula enclosed ecosystem dramatically reduces or eliminates the challenge of tracking and managing data
  • Saves event planners thousands of pounds by performing many critical event services that previously were outsourced to costly third-party vendors

Orcula GDPR Compliant Platform

The Orcula platform is fully GDPR compliant due to our Azure infrastructure and PCI Level 1 Security

  • Every Orcula client has a dedicated database
  • Database encryption at rest and backup
  • 100% isolated data processing
  • Dedicated Web Application Firewall scanning 24/7
  • Monthly vulnerability scans and Annual penetration test
  • Data backup every 5 minutes


The Orcula Data Protection Toolkit

The Orcula Data Protection Toolkit is a fully integrated set of tools and processes designed for meeting planners to assist them with their GDPR compliance and provide superior data protection of their attendee’s personal data.

Identify

  • Identify Orcula Data Administrators
  • Identify fields that contain personal data and in email communications

Consent

  • Create and store standard Data Processing Consent Policies
  • Display Data Processing Consent Policies during online registration and in email communications

Anonymise

  • Tools to completely delete attendees or just anonymise personal data and retain historical and financial information for reporting
  • Automated notification to third parties when an attendee exercises their right to be forgotten

Log

  • Capture and log personal data Consent and Withdrawal of Consent in registration forms and emails and financial information for reporting
  • Record all consent changes and track whenever personal data is sent to third parties (e.g. Hotels or other vendors)

Report

  • Data Protection Dashboard to keep meeting planners informed of compliance status
  • Powerful search tools that can scan all events for a person and can produce a detailed Data Processing Statement including all known personal information, consent log and third- party transfer logs