The Importance of Empathy Within Associations

December 15, 2017

The Importance of Empathy Within Associations

openIt is the very essence of associations to gather different kinds of individuals and personalities, most of the time coming from the world over, around a single cause. Franco Viviani, President of the International Council for Physical Activity and Fitness Research (ICPAFR), reflects here on the notion of empathy and what it means for associations.

In international associations, it is not uncommon to find different human typologies, each of them with different backgrounds. For anthropologists and sociologists, a Chinese is, for instance, the product of a society composed of interdependent individuals. In Asia, individuals adapt to the situation because they do not want to break the harmony of the whole. Good relations with others are of paramount importance, resulting in a strong sense of belonging for every member of the group. For example, if exercising on a regular basis is considered to be a good thing by the group, the individual will never jeopardize the equilibrium with, say, his or her laziness.

Different is the American, who can be considered as independent. Americans consider their individual rights as inalienable, and constantly struggle to show their uniqueness. If, for example, they decide to register to a gym to lose weight, they will experience huge satisfaction when achieving the goal. Contrary to the Asians, Americans focus on the product (the ideal weight) and not on the process.

What happens

One question at this point: how can empathy actually happen when culture seems to determine the way people think and behave? Association executives and members have to be aware of cultural differences, in order to interpret desires, goals, and aspirations of their peers the right way.

But first, what is empathy exactly? An emphatic relationship requires from us to let go, but, at the same time, to take a step back. We all have the capacity to share our feelings with others, something that the Germans call Einfϋhlung, or “feeling into”. “Fellow feeling” was conceptualized by Adam Smith, a 18th-century economist: everybody can have the sensation – good or bad – that what is happening to others is happening to them as well. And, more than a decade ago, neuroscientists started to recognize different kinds of empathy, all of them connected to the fact that humans share what the psychologists call “the Theory of Mind”, ie the capacity to understand not only the emotions and feelings of others, but also their beliefs and intentions. That way we can anticipate and hopefully act accordingly.

Clearly, some components of empathy are simple, others complex. For example, compassion includes the motivation to act when we see someone suffer. Cognitive empathy, in addition, is defined as the ability to “put oneself in someone else’s shoes” and understand their feelings. The most studied aspect is emotional empathy, ie the capacity to share another’s feelings by entering that person’s behavioural state. These three components are critical for our social life: mastering them is fundamental to build good relationships.

Recently, empathy started to be taught at trainings, with the aim to resolve disputes. Chariness is here requested because this complex emotion has many nuances, depending on the circumstances in which it appears. For some scientists it is a sort of “Russian doll”, in appearance very simple, but in reality very complex as we get to the core of its mechanism. What is interesting is the fact that empathy and kindness don’t always go together, as empathy tends to appear if the other person is close to us. This must be kept in mind in international settings.

Interpersonal Relationships

Empathy also often softens the relationships in circumscribed groups (family and friends), but doesn’t necessarily improve the dealings with outsiders. Recently, considering the pseudo-virtues of empathy Bloom & Davidson argued that the outcomes of its exaltation go in the opposite direction to the starting assumptions. Empathy is not an ethical guiding light, as the attention focuses on a few individuals and its field of action is limited. In short, empathy is valid for interpersonal relationships, but can become harmful when it appears in broader circumstances. In this context, the notion of public opinion is antithetic to that of empathy, as it implies a contrast of ideas and not identification among peers.

Back to the associations. As they are generally formed by individuals who share common goals, empathy may be useful to mollify interpersonal relationships. Some of them, who clearly play a role in globalization processes, lack empathy, as they don’t see or impact the general public. They are testament of what I call the “cosmopolitan eradication” of the gated communities of the international metropolises, like London, New York, Dubai, or Singapore, in which they work. Social networks, with their filter bubbles, echo chambers and one-to-one marketing, encourage closed communities of like-minded individuals and discourage openness.

If associations need to promote empathy, some measures can be taken, starting, for instance, with the inclusion of women, particularly in the board, as research shows that women tend to be empathic than men. Empathic efforts can also include individuals of different ages and cultural background – young people may display a diffused intelligence that counterbalances the crystalized one of the senior executives. They are also more open, especially if raised in an international context. Different backgrounds indeed exert multiple influences on cognition. For example, different mother languages impart different cognitive abilities, and that can promote nuanced inclinations towards empathy.

Future research will clarify whether or not empathy has been overestimated. For the moment, we can use it cautiously, in well-defined circumstances, bearing in mind that putting oneself in other people’s shoes can have unexpected consequences.

This article was contributed by Franco Viviani, President of ICPAFR, University of Padua, FISPPA & Biomedicine Departments.


December 7, 2017

Introducing ICC Wales

With other regions in the UK well established as key players in hosting international conferences, Wales felt it was time to claim a spot on the meetings industry map. The construction of a large scale convention centre in the region already attracts a lot of attention from the global association market. Words Vicky Koffa

As soon as the decision for the location of the first ever International Convention Centre for Wales was made, building work began on the site in June 2017. The grounds of the Celtic Manor Resort in Newport offered an easily accessible site for the new Centre as it is adjacent to the M4 and just over two hours from London and close to Newport’s main line train station as well as the international airports at Cardiff and Bristol. Due for completion in June 2019, ICC Wales will provide a variety of facilities, such as total floor space for meetings, conferences, exhibitions and events of 26.000sqm, including a 4.000sqm pillar-free main hall, a 1.500 seated auditorium, 12 flexible meeting rooms, a double-height glass atrium and a 2.500sqm outdoor plaza for outside events and teambuilding.

With important universities covering all fields from Art to Medicine, such as the Bangor University and the Cardiff University, and high quality hospitals and research facilities, ICC Wales is eager to attract major international conferences in line with the knowledge opportunities the city has to offer.

Ian Edwards, Chief Executive of ICC Wales commented: “The hosting of large events like the 2014 NATO Summit or the Ryder Cup in 2010 showed that Wales has an appetite to be a contender in the meetings industry. With the building of ICC Wales, which will open in 2019, we will be able to accommodate large-scale conferences for up to 5,000 delegates, which we simply couldn’t do before. That way, the ICC will compete with leading venues around the world and, crucially, for the first time, position Wales as a leading business tourism destination, complete with prestigious universities, amazing hospitals and altogether some high-level knowledge you can’t find anywhere else.” 

A joint venture between the owners of the Celtic Manor Resort and Welsh Government, it is managed by Celtic Manor’s leadership team and has already two large scale conferences booked at the venue – Alzheimer’s Research UK Conference in March 2020 and the venue’s inaugural event – The Hospitality and Catering Expo in July 2019. Led by Dr Rosa Sancho, Head of Research at Alzheimer’s Research UK, the Alzheimer’s two-day annual conference will feature presentations from researchers and clinicians as well as opportunities to network and forge collaborations.


December 4, 2017

Breaking Down Brexit for Associations

Just because the UK is leaving the EU, it doesn’t mean they should be left out of the conversation. Now is the time for associations to refocus and adapt to an already changing world. Despite a lack of clarity about the effects of Brexit and what this means for associations, many are looking at this decision as an opportunity to effect change and create EU-wide coalitions. – Words Lane Nieset

“When one door closes, another door opens, but we so often look so long and so regretfully upon the closed door, that we do not see the ones which open for us.” This quote from scientist Alexander Graham Bell couldn’t ring more true today in the time of Brexit, a political situation Europe hasn’t faced and quite frankly, isn’t sure how to face. “We’re not quite certain what questions to ask since the situation changes each day, each week,” explains Dr. Rachel Barlow, senior advisor to Ellwood Atfield and Co-founder of the Association Leadership Academy, whose clients include international and EU business associations. “The UK government doesn’t seem to be in a strong negotiation position with the EU, which is what the EU wants; they want a solution to this.”

With trade between the UK and the rest of the EU worth over €600 billion per year, the UK industry is now looking to avoid what they call a ‘cliff edge,’ the case of there being no arrangement in place by March 2019 when Britain officially leaves the EU. “The way things are looking today, there’s a real prospect of there being no deal in March 2019,” Barlow says. “All of this political discussion doesn’t bode well for business. Brexit means uncertainty, and this has led to 40 percent of UK firms reducing or delaying investment.”

So what does this mean for European or international associations, who may receive EU funding or have English members? According to the Association for Financial Markets in Europe (AFME), whose members comprise pan-EU and global banks, as well as key regional banks, brokers, law firms and other financial market participants: “Brexit will have an impact on both our UK and EU27 members and it will vary considerably across banks, which are conducting extensive planning and putting in place arrangements, including setting up footholds in the EU27, to minimize disruption to their businesses and clients.”

Many associations initially took a stance of neutrality, but now this is starting to change. If associations don’t seek to influence the political situation and be there to defend their business platform, there’s a great risk that somebody else may do that for them.

While some European associations led by British members saw their director generals stepping down following the Brexit decision, others used this as a chance to show unity. “We already have members from Norway, Switzerland and Australia, so why shouldn’t the UK remain a member?” asks CEEMET Director General Uwe Combüchen, who represents more than 200,000 manufacturers across Europe. “We are inclusive. The UK is sitting in all of the meetings. We are standing together here from the employer side, which I understand is not the case for all associations.”

One great example is when CEEMET Chairman Terry Scuoler, who also serves as CEO of EEF, the UK manufacturers’ organization, offered to step down due to the political situation. CEEMET members overwhelmingly responded with a firm rejection his offer. “We want to show unity and that there are no borders for thoughts, no borders for brains,” Combüchen says.

While protecting and including British members is one side of the coin, the other is the very real possibility of UK-based EU associations, such as the European Medicines Agency (EMA), having to leave their current headquarters. EU states may compete to be the new headquarters for powerful European regulatory agencies like this one, where Bucharest has popped up as the unlikely bidder.

 “Bucharest argues that Romania remains the largest EU member state without a European Union agency based in its territory,” said Alexander Smotrov, Global Counsel’s Practice Lead on Russia, the CIS, Central and Eastern Europe, in one of the London-based firm’s recent post. “It will probably resonate with Brussels policymakers already anxious that the Brexit process become neither a policy stitch-up at the hands of Berlin and Paris, nor a carve up of EU assets in the UK between ‘older’ members.”

The full version of this article can be read in the November issue of Boardroom

November 27, 2017

Paris – Larger Than Life

Conferences and meetings are not just events organized in venues. Their impacts, whether on a scientific, social, economic and sometimes cultural level, are always greater than they are. A city like Paris may have understood this better than any other. With the opening, last week, of the Paris Convention Centre, the largest in Europe, it will attract even larger conferences and radiate like never before. Words Rémi Dévé

Paris Convention Centre in numbers

The new Centre is part of a large-scale renovation effort that will turn the Paris expo Porte de Versailles into an open space open to everybody. Located just 15 minutes from the Eiffel Tower, it features a main conference room for up to 5,200 people, directly connected to 44,000 sqm of exhibition space and is ideal for very large international conferences of up to 35,000 attendees. Its gardens, terrace and rooftop event space can accommodate up to 1,000 people, and features an exceptional view of Paris. The building has been given a new façade of undulating glass surfaces that open up the space the lobby is lit with daylight, like most of its meeting rooms and, unusually, its plenary hall.

Viparis, which manages the ten main meeting venues in the Paris-Ile-de-France region, had arranged a very special press trip on the occasion of the inauguration of Paris Convention Centre. It was not only about the new centre itself – even though the tour of the new facility with its highly modular hall of 25,000 sqm under an immense glassroof was quite impressive – it was also about showing the excellence of the region in many sectors, its key industries and, hence, its attraction to European and international associations.

In this context, the visit of NeuroSpin, a cutting-edge research centre in Saclay, was an eye-opener. The fastest growing scientific and technological cluster located 20 kms south of Paris, close to Versailles, Saclay is an educational hub with global reach, housing 15% of French public research from major research institutions like CEA, CNRS, INRA, and universities. There we were treated with an exclusive viewing of the giant magnet weighing 130 metric tons and the core component of the most powerful MRI (Magnetic Resonance Imaging) scanner in the world to be used for human brain imaging. To make such a powerful magnet, CEA research engineers had to design an instrument larger than any other.

Camilla Andersson, Forum Coordinator at the Federation of European Neuroscience Societies, said: The FENS Forum has established itself as the largest Neuroscience event in Europe. Taking place in even years, it usually attracts more than 6000 international delegates. In 2022, we have chosen Paris as our host destination because it’s a major player in the field, with a strong network of scientists, partners and collaborators, and literally dozens of research centres across the Ile-de-France region. We aim to promote excellence in neuroscience research in Europe at large and facilitate the exchange of knowledge – in this regard, Paris seems to be the ideal place to do so.

With the holding of the Olympics in 2024 and the unified effort that was deployed to win the bid to host the Games, it seems like something is happening in Paris. A metropolis with a human feel, where mobility is the priority, and all stakeholders involved in organising conferences seem to be on the same page, working hand in hand to make any kind of event a success, Paris has never been more ready to be a major player on the global scene.

More info on the venues managed by Viparis: /

(Photo: Paris Convention Centre, the day of its inauguration, on 22 November 2017)


November 19, 2017

Qatar Confirmed to Host ICEIRD 2018

Thanks to unified effort by Qatar Tourism Authority (QTA) and Qatar University (QU), Qatar has won the bid to host the International Conference on Entrepreneurship, Innovation and Regional Development (ICEIRD) in October 2018. Over 250 conference delegates are expected to attend the conference for which Qatar University will be ‘local host’.

ICEIRD is a three-day conference organised by the University of Sheffield’s International Faculty bringing together academics, university technology managers, entrepreneurs, policy-makers and businesses to foster and promote innovation-led growth. The conference offers a platform for academics, university technology managers, entrepreneurs, policy-makers and businesses interested in the theory and practice of university-industry links as well as innovation, entrepreneurship, and regional development.

First held in 2007, ICEIRD has been taking place annually for the past 10 years in Europe; for its second decade, it will rotate worldwide and be hosted in a different region every year. The 2018 edition will be the first edition to be hosted in the Middle East.

,Qatar has a strong track-record in successfully hosting large-scale international conferences and events. Between 2014 and 2016, Qatar hosted a total of 56 events affiliated with the International Congress and Convention Association.

Ahmed Al Obaidli, Director of Exhibitions at QTA said: “ICEIRD is a perfect match for Qatar as it is a regional hub where academics, innovators and entrepreneurs can continue to learn and share knowledge within and outside the walls of a conference hall.” He added, “The hosting of this event comes as part of our continuous efforts to work with local partners to attract international events and boost business events tourism’s contribution to the national economy.”

Professor Panayiotis Ketikidis, Founder of ICEIRD, added: “Taking the 11th ICEIRD beyond Europe is a step towards to satisfying global demand for the wealth of knowledge that the conference has produced through its wide network over the past decade. We are highly honoured that the ICEIRD 2018 will be hosted by the University of Qatar and are confident that being hosted in a true regional innovation hub will further expand the conference’s network.”

Qatar Tourism expands international efforts to further establish the destination’s relevance for congress organizers – recent steps include a waiver of visa for 80 international countries.

Meet the team of QTA at ibtm Barcelona at Stand J60, join the Qatar Tourism Authority for a VIP Welcome Business Lunch on Tuesday 28 November at 1PM (to register click here) or contact Johanna Fischer of tmf dialogue marketing Germany (, +49 9002 111).


November 12, 2017

Washington, DC:
Meetings With a Difference

Association planners looking for added value and a city that naturally enhances their program find that Washington, DC delivers. Innovative and vibrant, the U.S. capital offers not only state-of-the-art infrastructure, should it host your next event, it’s also a knowledge hub for key sectors that gives unmatched access to federal government and policy leaders.

According to Smith Travel Research’s 2017 DestinationMAP, Washington, DC is among the top three North American meeting destinations. Planners found DC’s safety and attractiveness appealing, as well as value and ease of access via three local airports. DC was also named the first LEED Platinum City in the world by the U.S. Green Building Council. Attendees will find environmentally-friendly practices throughout the city, starting with energy-reducing and recycling programs at the Walter E. Washington Convention Center.

Washington, DC delivers beyond traditional destination advantages. It is a top city for social entrepreneurs, the most educated city in the U.S. and serves as headquarters for renowned organizations such as the National Institutes of Health. These factors and many more have established the nation’s capital as a leader in industries including tech, biotech/pharma, education and medical.

“The District continues to be the epicenter for inclusive innovation and technology in the country,” said Mayor Muriel E. Bowser. “From opportunities that foster women entrepreneurs to the creation of innovation labs and incentives for tech company headquarters, DC is at the forefront of the tech movement and inclusive innovation growth.”

Easy to get to, easy to navigate by foot or bike, the nation’s capital offers unique cultural diversity, pairing international influence with a distinct local identity: it boasts exceptional venues and a dining scene packed with culinary talent, not to mention the country’s finest monuments and memorials and captivating museums that you can experience for free. And thanks to $11.8 billion in development underway, there will always be something new for you to discover!

This content is powered by Destination DC. Connect with them and read more about meetings and conventions in Washington, DC at



November 6, 2017

Going Further with GDPR

In order to move forward towards a greater compliance with the GDPR, associations should pay a good deal of attention to the following aspects, Benjamin Docquir writes.

Mapping the data flows and the entities responsible for them

One of the cornerstones of the GDPR is that organisations, including associations, must be able to identify what categories of personal data they process and who may decide upon the usage of such personal data. The entity identified as the “data controller” is accountable for the processing of the personal data vis-à-vis the individuals concerned (e.g. the employees or the individuals members of an association) and must be ready to answer requests from the regulatory authorities.

Where an association is active on a global scale or across several countries, including outside the EU, the GDPR may nevertheless be entirely applicable. The data controller must therefore ascertain whether and to what extent the GDPR applies to its activities and, where necessary, appoint a representative in the European Union.

Not only must the data controller have a comprehensive view of the data flows and data processing operations, it must also determine and implement appropriate policies and measures to ensure that the provisions of the GDPR are fully respected. Such measures will generally include drafting a comprehensive data protection policy, which will disclose in plain language the policies and practices of the association with respect to the processing of personal data.

Implementing the rights of employees and members (individuals)

Generally speaking, associations are likely to process the personal data of (i) their employees and internal resources and (ii) their individual members. The GDPR gives the so-called “data subjects” (i.e. the people whose data are processed) a number of rights in order to reinforce the degree of transparency and control over their personal data.

As a result, the associations must be prepared to inform the employees and members in a comprehensive manner, through the data protection policy or by giving them notice of a specific document, and make sure that they are provided with a number of information such as the categories of data processed, the purposes of processing, the legitimate aims pursued by the association, the storage duration of the categories of data, the recipients or categories of recipients of data, etc.

Managing relationships and contracts with data processors

The data controller may entrust an external entity, called the data processor, with the a number of tasks on its behalf. In such situations, the associations must carefully select the external provider, but also make sure that there is a written agreement in place that takes full account of all the obligatory mentions under the GDPR. The first and foremost of such mentions is that the data processor must process the personal data only upon the documented instructions of the data controller.

Again, associations must therefore have a clear picture of what categories of data they are making available or transmitting to their data processors, so as to be able to keep control of such data. Other topics that must be addressed in the written agreement with the data processors are the security requirements, the notification of data breaches, the obligation to take part to audits, the duty to assist the associations when dealing with a request from a member or an employee, etc.

Creating and maintaining a register of data processing operations

Associations must set up – and keep updated – a register describing the data processing operations. This register may be held in English. It must be made available on request to the regulators and contain a description of the categories of data processed, of the purposes of the processing, of the recipients or categories of recipients of data (i.e. who has access to the data), of the existence (if any) of transfers of data outside the European Union (or the EEA), etc.

Implementing security measures and data breach notification procedures

Associations must determine and implement appropriate security measures and policies to address the potential risks for rights and freedoms of individuals whose data are processed. Those measures may include encryption, pseudonymisation, access control and access management, training of employees, etc.

Whenever a security incident occurs, that may trigger an additional risk for individuals, the associations (data controllers) must notify such breach to the data protection authority, with a description of the data that is leaked or compromized, of the potential impact of the security breach and of the measures taken to remedy such impact, to address the flaws and errors that were identified and to mitigate the risks. In some circumstances, the data controller must also notify the individuals themselves about the breach.

International data transfers

Last but not least, associations must ensure that the rules on the transfer of personal data outside the EEA (EU + Liechtenstein, Norway and Iceland) are respected. Such transfers occur whenever a database is centralized in a third country (like the US for instance), or when personal data may be accessed from that third country.

Also, when associations appoint a service provider or a cloud computing services provider, there is a possibility of the data being hosted/stored outside the EEA. That shouldn’t happen without the association being aware thereof, because basically the GDPR states that such transfers are only allowed under specific circumstances or subject to specific conditions. These conditions may involve the fact that the third country is regarded as “safe” or providing an adequate level of protection, or the conclusion of specific agreements related to the data transfer, to ensure that the entity importing the data in the third country will abide by a minimum of fundamental principles of data protection.

The full version of this article can be read in the November issue of Boardroom. Benjamin Docquir is Partner at Osborne Clark, a law firm working across key industry sectors offering agile, insightful solutions, ground-breaking legal planning and a passion for bringing about meaningful, positive change. More information on

October 27, 2017

There’s something about Antwerp

With the holding of the Associations World Congress in March 2018 and the AIPC Annual Conference in 2019, it seems like Antwerp is not only in the mind of association planners in particular but also in that of the industry itself in general. The second largest harbour city in Europe and the second largest petrochemical cluster in the world, it indeed might have a few assets up its sleeves worth being looked at… beyond the diamonds and the fashion. Boardroom reports

In about 4 months, a few hundreds of association executives will converge to Antwerp from across Europe to attend at the Associations World Congress, one of the largest conferences of this kind, at the recently-launched Flanders Meeting & Convention Centre, located within the Antwerp Zoo. The event will once again be co-located alongside the Association Leaders’ Forum for Executive Directors, focusing on critical issues of importance for association leaders.

Later, in 2019, AIPC, the international association of congress centres, will hold its annual conference in the exact same place, bringing together its members to consider key industry issues and hear from top professionals in a variety of business events related fields.

Being host to so many associations who will experience the city and its many offers lie at the core of Antwerp’ ambitions As an emerging international meeting destination, it wants to compete on the global scene and its strengths to do so are numerous: a good location only half an hour from Brussels, a compact, human size, an easy transport system, accommodation options for all kinds of budgets, and an excellent mix of traditional and modern facilities overall.

The Flanders Meeting & Convention Center (FMCCA) within walking distance of the historic city centre is the latest addition to the already rich portfolio of Antwerp meeting infrastructure: it’s adjacent to a beautiful historical zoo and can now welcome congresses of up to 2,000 people.

Should you need help for your next event, Antwerp Convention Bureau will ensure optimal collaboration with their local partners such as FMCCA, Antwerp Hotel Association, Antwerp Expo, Sportpaleis and others – a critical approach to be able to offer tailor-made services to association planners!

More information: Visit Antwerp / /+32 3 338 81 81 /







October 21, 2017

GDPR: How Associations Should Understand it

The General Data Protection Regulation, referred to simply as the “GDPR”, is Regulation (EU) 2016/679 of the European Parliament and of the Council dated 27 April 2016. It concerns the protection of natural persons regarding the processing of personal data and on the free movement of this data. Words Terrance Barkan CAE, Chief Strategist at GLOBALSTRAT

Because associations maintain extensive databases of personal data, this Regulation directly impacts how associations will collect, maintain and manage the data that is vital to their operations. Note: “Personal Data” and “Personally Identifying Information” or “PII” are not the same thing and are often confused. Personal data is defined below.

What is equally important, this Regulation applies to any organization, regardless of where it may be located or headquartered, that maintains data of an EU resident. This casts a very wide net and touches essential any international organization.

What is the GDPR?

The GDPR came into force on 24 May 2016. However, due to its two-year implementation period, the GDPR will only be applicable from 25 May 2018. At this point, organizations have less than 10 months to ensure they are able to comply. Because the GDPR is an EU wide regulation, it does not require Member States to pass additional legislation for implementation. Some EU Member States (such as Germany, Ireland and the UK) are however taking the opportunity to introduce new domestic law at the same time.

The GDPR covers the processing of ‘personal data’ that relates to ‘data subjects’ by or on behalf of a ‘data controller’. ‘Personal data’ is defined as any information that relates to an identified or identifiable natural person (the ‘data subject’). An identifiable natural person is anyone that can be identified, either directly or indirectly, by reference to anything that can ultimately identify them. This includes a name, an identification number, location data, an online identifier or to data that relates to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Based on this broad description, it is clear that much of the types of data that associations hold on their members, prospects, former members, sponsors, donors, meeting participants etc. would be considered as ‘personal data’.

The entity who determines the purposes and means of processing is the ‘data controller’.  This is contrasted with a ‘data processor’ which processes personal data on behalf of the data controller. There are many changes for data processors under the GDPR, with many of the contractual obligations on them having been placed on a statutory footing. In practice the distinction between a data controller and a data processor is often not easy to ascertain.

The difference between a Data Controller and a Data Processor

One way of looking at this is in the example of an association that outsources its IT services to a third party (think of an online database management application). This is not an unusual situation, especially for many associations that outsource the hosting of their websites that may have an online membership directory as just one example.

The association in this case would be considered the ‘data controller’ because the association maintains ‘control’ over the data (it is collected, maintained and manipulated at the direction of the association’). The third-party service provider(s) would be considered a ‘data processor’ because they have access to the data through the provision of their IT services.

What are your responsibilities?

The ‘data controller’ bears the responsibility to prove to the relevant ‘supervisory authority’ that it is properly following the guidelines and regulations regarding the acquisition and management of personal data.

These Regulations include the following principles regarding the handling of personal data:

  • Lawfulness, fairness and transparency: Personal data must be processed lawfully, fairly and in a transparent manner.
  • Purpose limitation: Personal data must be collected for specific, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
  • Data minimisation: Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
  • Accuracy: Personal data must be accurate and, where necessary, kept up to date. Personal data that is known to be inaccurate is to be erased or rectified without delay.
  • Storage limitation: Personal data must not be kept in a form which permits identification of data subjects for longer than is necessary.
  • Integrity and confidentiality: Personal data must be processed in an appropriately secure manner including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by the use of appropriate technical or organizational measures.

Note: This is where associations must have confidence that the third-party services they use to manage data are properly secured. If your third-party provider causes a breach, the association will remain liable.

  • Accountability: The data controller is responsible for, and has to be able to demonstrate compliance with, the principles stated above.

Regulation and enforcement of the GDPR is performed by a country’s ‘supervisory authority’ which in some countries may include data regulators at a national as well as a regional or local level.

In addition to the principles listed above, data controllers (associations) must also meet at least one the following criteria:

  • Obtain consent: The data subject must give clear consent to the processing of his or her personal data for one or more specific purposes.
  • Performance of a contract: Data processing is necessary for the performance of a contract with or on behalf of the data subject. For associations, membership and the delivery of services can be considered a contract. “Necessary” is a key element here however. Regulators and the courts are likely to interpret this narrowly and convenience is not the same as a necessity!
  • Compliance with a legal obligation: Data processing is necessary for compliance with a legal obligation to which the data controller is subject. Again, this is a narrow criteria and a US legal obligation is unlikely to be sufficient.
  • Vital interests: Data processing is necessary in order to protect the vital interests of the data subject or of another natural person.
  • Public interest: Data processing is necessary for the performance of a task carried out in the public interest or in the exercise of an official authority vested in the controller. To meet this requirement it is likely to be in the interest of the public in the relevant Member State – US public interest will not be sufficient.
  • Legitimate interests: processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

What are the penalties for non-compliance?

Each supervisory authority has a range of investigative, corrective, authorization and advisory powers in order to ensure compliance with the GDPR. A supervisory authority has the ability to:

  • Issue warnings.
  • Order the data controller or the data processor to comply with a data subject’s requests to exercise his or her rights under the GDPR.
  • Order the data controller to communicate a personal data breach to the data subject(s).
  • Impose a temporary or definitive limitation including a ban on processing.
  • Order the correction or erasure of personal data or restriction of processing pursuant to a data subject’s rights.
  • Impose an administrative fine.
  • Order the suspension of data flows to a recipient in a third country or to an international organization.

In addition, fines can be imposed, ‘in addition to, or instead of’ the corrective powers a supervisory authority has at its disposal. The potential levels of these fines are quite staggering.

  • a fine of up to €10,000,000, or in the case of an undertaking, up to 2% of the total worldwide annual turnover of the preceding financial year, whichever is higher.
  • a fine of up to €20,000,000, or in the case of an undertaking, up to 4% of the total worldwide annual turnover of the preceding financial year for the most severe forms of a breach, including violations of the basic principles for processing, including conditions for consent, the data subjects’ rights, the transfers of personal data to a recipient in a third country or an international organization, or non-compliance with an order or a temporary or definitive limitation on processing or the suspension of data flows by the supervisory authority.

What next?

This article is meant to give a very brief overview of some of the most important elements of the GDPR. There are many more details to be considered regarding the rights of data subjects and how data controllers (in our case, associations) must act when acquiring, storing, managing and deleting personal data.

Associations will need to get proper legal compliance advice when it comes to the GDPR implementation. Because associations collect and manage data through multiple platforms (database management systems, websites, event registrations systems, members only networks, etc.) the range of exposure can be higher than imagined.

For more information of the GDPR and access to a webinar on the subject, visit More on GDPR in the November edition of Boardroom.

Acknowledgement: Terrance Barkan wants to thank Cordery, London, UK for the permission to reference some of their source material as an inspiration for this article.


October 14, 2017

What AccorHotels Can Do for Associations

Xavier Guillemin, Executive Director Association, Sport & Entertainment Worldwide Market at AccorHotels, explains how the hotel chain can be more than a supplier to associations.

How does AccorHotels cater specifically to European and international associations?

As one of the leading groups in the hotel industry, AccorHotels can meet all the needs with over 4,200 hotels from economic to luxury located in 95 countries. Within this network, we have a dedicated offer for associations where they can organize their entire event including meeting space, food & beverage and accommodation. Thanks to this network and also to the congress expertise we have developed in our hotels, associations will have the chance to sign one contract for one event organized in a one-stop venue.

We heard that AccorHotels has put a kind of association education scheme for their hotels. Can you elaborate extensively on this? Because we think it’s rather unique.

Indeed, and this has been deployed at a worldwide level.

But let me tell this story from the beginning. As we received several complains from associations working with hotels, we realized that many hotels the world over were not able to differentiate a corporate meeting from an association congress. With the help of clients, hotels and destinations, we thus decided to create an Internal Congress Charter that highlights the essential business principles of working with associations. This charter’s aim is to ‘educate’ 310 hotels selected on their capacity to host congresses. We asked all these hotels to commit to the Charter for 2017 and 2018.

It takes the form of a simple and short document of 6 pages. It includes key features such as a description of and the challenges faced by a non-for-profit organization. We cover also long term business opportunities management and why hotels must think ‘destination first’  by working together with convention bureaus.

Thanks to this process, we estimate that more than 1,100 colleagues have been trained to the specificities of the association market.

In addition, based on the content of this Charter, we developed 11 AccorHotels’ commitments towards the association market and created the “Success in Congress” campaign.

Any infrastructure development you’d like to share with the readers of Boardroom?

AccorHotels is a worldwide group in constant evolution as we need to grow and diversify our activities in order to anticipate market evolutions. In 2016, we had one hotel opening every 36 hours. In order to enrich our portfolio, we acquired last year all hotels from Fairmont, Raffles & Swissôtel and more recently we developed strategic partnerships with Rixos and Banyan Tree.

As of today, in the ICCA Top 10 cities, we already have 45 hotels with large meeting capacity ready to host congresses.

The last opening was in early October 2017, in Seoul, South Korea, with a huge complex that includes 4 hotels (Novotel, Suites Novotel, Ibis Styles, and Grand Mercure) with 1,700 rooms and huge meeting capacity.

Moreover, our flagship Pullman Paris Montparnasse is going through a full renovation plan and will reopen in 2019 with more than 900 rooms and spectacular meeting spaces.

Picture: Seoul Dragon City © Kim Dae Ik