The rules on privacy and the information you are allowed to collect from different audiences are becoming stricter. We've witnessed the GDPR come into force and implemented the latest rules about collecting data linked to cookies.
Events are still a great way to get to know people interested in your business. But even with events, there are rules in place that you should follow to stay compliant when it comes to collecting and storing data.
This blog explains the basic rules about privacy you should remember when organising an event.
Privacy questions to consider before the start of your event
Participants make your event. And, when there are people, there must be personal data that you need to handle with respect. With events, you should keep a close eye on privacy questions from the planning table to the post-event retro. When you start planning an event, consider these factors.
The purpose - What is the purpose of personal processing information? In legal terms, the legitimate reason is also used in this context. When organising an event, the event itself can be a reason to collect personal information; other grounds to process personal data may be relevant, depending on who is participating, what kind of information is collected, and where it is used. Consent shouldn’t be overused, but it may, however, be necessary if personal data is used, for example, in marketing communication after the event.
Collecting information - What information is needed to organise an event? Collecting personal data should be limited to what is required. From the event perspective, this is quite simple. For example, you must ask for detailed diet information if you serve food.
Privacy notice - Check that your privacy notice is updated and linked to your registration form. The privacy notice should at least contain information about how the personal data is used, for what, and for how long.
Third parties - Do you need to share the participants' information with a third party for commercial reasons? If yes, consent should be considered so that attendees can determine if they want to share their information with a third party.
Privacy at the event
Usually, the event itself is the most stressful part of event management. But from a privacy standpoint, it might be the easiest to handle. Still, there are a couple of things to keep in mind.
Sharing data - Share attendees' information only for those who need it. Digital format is better than printing out lists because you can control access to the information.
Photos - Are you going to take photos at the event? Keep in mind that taking generic images from the event is acceptable without permission. Still, if you take photos specifically from individuals, you should ask permission to use the photos after the event. A good practice is informing them about photography already in the registration form or in another message sent to the participants.
In the end, say goodbye to your data
At the end of an event, you'll likely have a lot of data about your participants. Registration lists, participant data, and perhaps the information you've collected during the event. You can hold on to the data with a valid reason, e.g., you need the data to manage the customer relationship. But otherwise, it's time to part ways with the data in one way or the other.
Delete or anonymize - After the event, delete or anonymize the information that is not needed anymore. Otherwise, you can use the information you have stated in the privacy notice.
With these points, you have a decent baseline for event privacy.