Bulletin 4: Data Privacy and Working with Event Contractors and Vendors

IEEE Technical Activities Bulletin #4

Topic: Data Privacy and Working with Event Contractors and Vendors

Bulletin Type: Action

Audience: Conference Sponsors and Event Organizers

Version 5 - July 2021

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Who is responsible for data privacy compliance when organizing an event?

Responsibility for compliance goes through the entire event supply chain – from IEEE as the financial sponsor of the event all the way to the third-party vendors that store and process data.

This is why it is critical to choose providers that meet data privacy compliance standards. IEEE must show that we are doing our best to protect the personal information of individuals and minimize risks.

Do data privacy regulations apply to event contractors and vendors?

Yes. GDPR and other data privacy requirements clearly state that data controllers must show how they are complying with the regulations. Part of that responsibility is to make sure that all vendors you are dealing with also are fulfilling their legal responsibilities as well.

What questions should event organizers keep in mind when working with vendors?

Data privacy is an important part of the vendor relationship. It is important to ask vendors how they plan to fulfill their obligations on behalf of IEEE, including:

  • Where is the data hosted?
  • What contractual and legal safeguards are in place to protect data?
  • Who has access to the data?
  • How is the data being used while being processed?
  • How does the system delete personal data?
  • How quickly can deletion of data be completed?
  • What is the vendor’s policy regarding data retention?
  • How does the system allow IEEE to obtain and store consent?

Where can I find examples of language I should include in contracts with vendors?

IEEE has language to address data privacy incorporated into all existing IEEE contract templates. For a data-heavy agreement (e.g. registration system) additional contracts may be required to specifically deal with personal data issues. To learn more contact gdpr-mce@ieee.org

How can I learn more?

The latest information on GDPR and other data privacy regulations can be found on the Technical Activities Data Privacy Resource Page or the IEEE Data Privacy page.

Please share this information with additional volunteers, contractors, temporary employees, interns, and consultants as needed.

If you have questions or need assistance, please contact TA Answer Central.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

[Download PDF]