Are You Putting Your Event Data at Risk?
Bhubnesh Maharana
Event Manager
Planning
Security
6 min reading
Table of contents
Introduction
Understanding GDPR
Data Collection Practices
Securing Attendee Information
Working with Third-Party Vendors
Benefits of Compliance
Introduction
On May 25, General Data Protection Regulation (GDPR) supersedes the Data Protection Act. As countless of 'please confirm you opt in to our mailing list' emails bounce around their inboxes, event planners need to be in step with what the changes mean for their approach to collecting and processing data and, ultimately, with the benefits of the new regulation. GDPR won't stop data being the event currency, but the modified 'exchange rate' operates between tighter, more effective guidelines and planners need to understand it to cash in.
Understanding GDPR
GDPR represents the biggest shake up in data protection and privacy regulations in decades. It affects how event planners collect, store, and process personal data from attendees. The regulation applies to all EU citizens' data, regardless of where the event or organization is based. Non-compliance can result in hefty fines of up to €20 million or 4% of global annual turnover, whichever is higher.
Data Collection Practices
Under GDPR, event planners must be transparent about what data they're collecting and why. Consent must be freely given, specific, informed, and unambiguous. This means no more pre-ticked boxes or implied consent. Attendees must actively opt-in to having their data collected and used for specific purposes. Additionally, they have the right to access their data, correct inaccuracies, and even request deletion.
Securing Attendee Information
Event planners must implement appropriate technical and organizational measures to protect personal data. This includes encryption, regular security assessments, and data minimization practices. Only collect what you need, and only keep it for as long as necessary. In case of a data breach, organizations have 72 hours to notify the relevant supervisory authority.
Working with Third-Party Vendors
Many event planners work with third-party vendors for registration, mobile apps, and other services. Under GDPR, you remain responsible for the data even when it's processed by these vendors. Ensure all contracts include GDPR-compliant data processing agreements, and verify that vendors have appropriate security measures in place.
Benefits of Compliance
While GDPR compliance requires effort, it offers significant benefits. It builds trust with attendees, improves data quality through better collection practices, and reduces risk. By focusing on collecting meaningful, permission-based data, event planners can actually improve their marketing effectiveness and attendee experience.
