If you receive a subject access request (SAR), you have 30 days to respond to tell the user what data you have collected on them across platforms, how it is being used, who has access to it, and where it is being stored. Users also have the right to request data be deleted under certain circumstances.
To make it easy for users to make these requests, you should outline who and where SARs can be sent to in your Terms of Use document.
It’s also important to internally document where any of the data you’ve collected in the app is being shared pre- and post-event (sponsors, internal stakeholders, etc.).
If you need help implementing any GDPR compliance tools or resources, please contact Support.