This website uses cookies, which are necessary for you to login to the My ICCA section, integrate social media and track visits to our website. ICCA is legally obliged to ask your permission to use cookies and to inform you about how we use them. By continuing to use our website you are accepting our use of cookies as described in our Privacy Policy. Find Out MoreContinue
Remember Associations only: Forgot password

EU GDPR: an update on ICCA’s position, and implications for how to handle ICCA data

ICCA takes personal privacy issues very seriously, and has been actively reviewing all policies and practices to comply with the latest European GDPR requirements.

The ICCA Board will be formally signing off our official Privacy Policy at their meeting prior to IMEX, and reviewing the detailed policies and practices for each category of personal data that we process.  Once approved, this information will be clearly communicated to all members, and will be easily accessible via privacy notices on relevant pages of the ICCA website, including the association database and our event registration sites.

This is a complex issue, but ICCA aims to communicate our position as clearly as possible in simple English.

ICCA’s Articles and By-laws, which represent a contract between members and ICCA, will be updated and voted on at the 2018 General Assembly to expressly include a new section on GDPR compliance, designed to spell out the responsibilities of both ICCA and members.  However, please note that the new Privacy Policy and procedures will already take effect after the Board’s approval in May 2018, since both ICCA and members are expected to comply with their legal obligations under GDPR regulations.

Your personal data (staff of ICCA member companies/organisations)

When you register for ICCA events, you enter into another contract regarding how your personal data is processed by ICCA, which will be clearly spelled out in our privacy notices each time you register.

ICCA data

We process personal data on numerous contacts linked to the international association meetings on our database, on the grounds of “legitimate interest”, based on our role as the world’s leading and long-standing aggregator and recorder of all data that is relevant to such meetings.  Our communication to contacts on the database makes clear that we hold their data for this reason, and that this data is shared with ICCA members, so that those members who have an interest in their meeting may contact them or use the data to better serve that meeting.   We have also communicated the Guidelines that we require ICCA members to adhere to.

All ICCA members (including those based outside Europe) who process this personal data (eg by adding such details to their CRM system) must themselves be GDPR compliant, with their own Privacy Policy and procedures that justify and explain their processing of personal data.  Such polices must apply to all personal data that they process from any source, not just ICCA data.  Members are advised to adopt policies that align with their own overall business interests – there is no single policy that everyone can adopt.  Typically, your policy’s rationale for processing personal data will be either “contract” or “legitimate interest” or “consent”.  Please note that if you adopt a “consent” rationale for processing data, you will need to obtain a proactive opt-in from all contacts that you process, no matter from what source.  

Misuse of ICCA data (eg passing on data to non-members or SPAMing association contacts) can result in exclusion from ICCA membership.

As part of this exercise, we have strengthened our long-standing Guidelines to members on how to handle ICCA data.  All members are expected to comply with these Guidelines, which we encourage you to study and incorporate in your own business operating practices and procedures.

------------------------------------------

Guidelines on working with ICCA data 

Our most important advice: treat all association contacts with intelligent respect!

ICCA’s policy for processing personal data in the Association Database is based on the rationale of “legitimate interest”.  All ICCA members need to adhere to their own Privacy Policy rationales when working with this (and all other) personal data, which could be based on “consent”, “legitimate interest” or even “contract” (eg, this may apply for persons linked to meetings that the ICCA member has organised or hosted in the past, or is actively preparing to organise or host in future).

The most sensible general principle for all ICCA members to adopt is to only process data on or make contact with individuals where there is a genuine, well-researched and well-argued business case for that meeting to be targeted, so that anyone can recognise the care that has been taken by the ICCA member to think about the needs of their meeting.

Association meetings are a long-term business, requiring the establishment of trust and a strong, long-term relationship.  From your earliest communication with these individuals this should always be kept in mind!  Treat all association contacts with “intelligent respect” at all times, and you will gain more success.

Please DO NOT send out standard letters to mass audiences, and avoid using salutations such as “Dear Association Executive” or “Dear Sir/Madam”.

Please DO NOT send large files or attachments (eg brochures), or generic tourist-type material.

Please DO NOT send out inappropriate or unasked-for gifts and invitations.

Please DO personalise each communication you send out, referring to what you know about about their meeting’s needs and their association’s business objectives, and explaining how your company or destination can help achieve their goals.

Please DO ensure that their meeting is a good fit for your company or destination, and that you have done your research on their history, size, rotation pattern, and decision-making criteria.

Please DO find out additional intelligence other ICCA members who have been involved in this meeting in the past, to ensure your approach is tailored to their needs.

Please DO check out other sources apart from ICCA before you contact any individual, to ensure your knowledge is as complete as possible.

Please DO ensure that individuals are easily able to request removal of their personal details or to not receive future contact from you, and react immediately to any complaints.

Please DO prominently display your privacy policies and demonstrate your adherence to GDPR.

Please DO mention that you are an ICCA member, with experience and special interest in international association meetings; mention other association meetings you’re worked on recently.

NEVER share ICCA data with non-members.

ALWAYS follow these guidelines to ensure that association executives feel welcome within the ICCA community, and that they are at all times treated with intelligent respect by ICCA members.