How will the new EU Data Protection Regulation affect on event professional's everyday work? We put together five things that will help event managers and organisers ease their biggest GDPR pain.
As the interpretation of the regulation can’t be accurately determined before it’s validated by adjudication in court, we won’t accept legal responsibility if you decide to act according to our suggestions or instructions. But we have thought these answers over together with lawyers who specialize in data protection, so there’s no actual legal conflict. It is good to remember though that all instructions are given on a case by case basis. The suggestions we are providing for the questions are literally only that, suggestions, and we always recommend that if anything is unclear, you go through your queries with a lawyer specialized in your branch of business.
1. Is it possible to adequately and safely manage participant lists in Excel at all anymore?
Possibly, if you only have a couple of events per year. Even then you should remember the life cycle assessment of information, and determine what you do with the files once the information isn’t needed anymore. If a participant wishes to check on their information or remove it, the information should be pulled or deleted from all databases, even if the information has been sent as an Excel-file to the bus company or the catering firm. Pretty soon you will be faced with the situation that it is impossible to control all the locations of the files with information, unless the information is stored in one easily controlled database.
2. Keeping the GDPR regulations in mind, how can I share the participant list of an event to other participants of the same event?
4. How long can I store participant information for?
It depends on the nature of the information. Event specific information that you don’t need after the event has ended should be removed as soon as the information is no longer needed for the successful organization and follow-up of the event. It is however possible that you have a so called ‘legal right’ to some of the information. If the participation to an event creates an invoice, this information needs to be stored for a minimum of six years according to the bookkeeping act. On the other hand, the same event might have gathered information on e.g. shoe sizes and food allergies, and there is no need to store this kind of information for any long periods of time. You should always, when possible, follow the principle of data minimization.
5. How can I market new events to contacts acquired at previous events?
Psst, there's more! In November 2017 we organized a GDPR-themed event for event professionals in Helsinki. The audience got to ask questions about how the GDPR impacts their work, and our experts provided the answers. These questions and answers have been compiled into a free guide. You can download the guide from here!