The General Data Protection Regulation (GDPR) is a piece of European Union legislation that comes into effect on May 25, 2018. It regulates how companies collect, use, and store individuals’ personal data.
As an event planner, you’ll likely be collecting and using personal data about your attendees, speakers, and other stakeholders—such as names, job titles, emails, etc.—through your event registration tool and event app.
Event technology vendors can’t be designated GDPR-compliant or not. How you use and collect participant data via these tools determines whether or not your organization is GDPR compliant.
To be GDPR compliant, event planners/companies should:
- Have a published Privacy Notice
- Have a published Terms of Use for your event and event technology
- Have a way to help participants hide public profiles in the app if they request it
- Prepare to provide a timely response to data access and deletion requests
Even if you are not located in the EU, or your events don’t take place in the EU, you are still subject to GDPR if any of your participants are from the EU, or participants can access or share other users’ data anywhere in the EU.
To learn how you can ensure your event data collection methods are GDPR compliant via your registration tool and/or event app, read the following articles:
1. How do I publish a Privacy Notice?
2. How can I control which attendees’ profiles are public in the app?
3. How do I respond to data access and deletion requests?
4. Sample Privacy Policy
5. Sample Terms of Use
To learn more about GDPR, visit the official GDPR website, and read the FAQs page.