<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1029501197232858&amp;ev=PageView&amp;noscript=1">

Lyyti Blog > GDPR Q&A: 5 things every event organiser should know

GDPR Q&A: 5 things every event organiser should know

How will the new EU Data Protection Regulation affect on event professional's everyday work? We put together five things that will help event managers and organisers ease their biggest GDPR pain.

As the interpretation of the regulation can’t be accurately determined before it’s validated by adjudication in court, we won’t accept legal responsibility if you decide to act according to our suggestions or instructions. But we have thought these answers over together with lawyers who specialize in data protection, so there’s no actual legal conflict. It is good to remember though that all instructions are given on a case by case basis. The suggestions we are providing for the questions are literally only that, suggestions, and we always recommend that if anything is unclear, you go through your queries with a lawyer specialized in your branch of business.

GDPR round table.png

1. Is it possible to adequately and safely manage participant lists in Excel at all anymore?

Possibly, if you only have a couple of events per year. Even then you should remember the life cycle assessment of information, and determine what you do with the files once the information isn’t needed anymore. If a participant wishes to check on their information or remove it, the information should be pulled or deleted from all databases, even if the information has been sent as an Excel-file to the bus company or the catering firm. Pretty soon you will be faced with the situation that it is impossible to control all the locations of the files with information, unless the information is stored in one easily controlled database.

2. Keeping the GDPR regulations in mind, how can I share the participant list of an event to other participants of the same event?

When you want your participants to be able to view a list of other participants in the same event, and you want this to be something standardized for all your events, it is a good idea to write this down in the privacy policy/DPA. If this scenario hasn’t been mentioned in the Privacy policy, and/or it is something needed more rarely, you need to have consent from the participant through a question on the registration page. On the other hand, if your event is e.g. a networking event, you can deny participants who won’t consent to the sharing of their participant info access to the entire event.

3. Does each individual event create a separate register? Do I have to create a new privacy policy for each event?

No need. A single event hardly ever forms a separate register, events tend to be parts of a bigger register or filing system that already has a privacy policy in place. If you create events for e.g. your clients only, their information is a part of your client registry. If you organize events for marketing purposes, the participant information is usually part of a marketing register. If you organize a very big event together with several other organizers aka. co-processors, and the event is organized with long intervals in between (e.g every two years), it might be a good idea to create a privacy policy of it’s own for this event. In this case it’s best to think of the continuance of the event as well. If you intend to use the participant information in your following event, it’s good to mention this in the privacy policy.

4. How long can I store participant information for?

It depends on the nature of the information. Event specific information that you don’t need after the event has ended should be removed as soon as the information is no longer needed for the successful organization and follow-up of the event. It is however possible that you have a so called ‘legal right’ to some of the information. If the participation to an event creates an invoice, this information needs to be stored for a minimum of six years according to the bookkeeping act. On the other hand, the same event might have gathered information on e.g. shoe sizes and food allergies, and there is no need to store this kind of information for any long periods of time. You should always, when possible, follow the principle of data minimization.

5. How can I market new events to contacts acquired at previous events?

The current privacy laws that have been valid or the past 15 years have stated that you must have a privacy policy, and in it you have told the participant what their information will be used for. If you have done so, and the list is still up to date, you can continue using it just as you did before. If it’s a bit unclear whether you’ve included a privacy policy or checked for marketing consent, we highly recommend that you check with the people on the list (before May) whether they still wish to receive marketing emails from you.

Psst, there's more! In November 2017 we organized a GDPR-themed event for event professionals in Helsinki. The audience got to ask questions about how the GDPR impacts their work, and our experts provided the answers. These questions and answers have been compiled into a free guide. You can download the guide from here!


Download for free: 39 Questions about the GDPR by Lyyti


Written by Kaisa Oksanen on 06-Feb-2018 12:25:31

Follow me: