12 Specific, Practical Actions to Take Before Your Next Event to Ensure GDPR-Compliance: Part One

February 19, 2018

Maria Keenan

Maria is the Inbound Marketing Manager for Tito, an event registration software company based in Dublin, Ireland.

Acronyms, folks, am I right?

(IDK, but I’m SMDH about GDPR. AFAIK, u r 2.)

Between these (and other) daft initialisms, scaremongering click-bait, and alarmist legalese, the GDPR hype is becoming an ever-louder buzzing noise in the back of marketers’ minds.

The reason GDPR has been set up – to protect us and everyone else – isn’t the first thing that we’ve learned to think of when it comes to the subject. We’re too distracted by the prospect of being fined €10 million.

As an attempt to cut through the noise, I’m going to run through the lifecycle of the event with practical steps event marketers can start to implement immediately after reading it:


  1. Social Media

Ever get an ad for bikinis as someone who can’t swim? I have. Lookalike audiences can work really well (such as when they get you leads for $3.75 each) – but some of us have reason to want to opt out of them. Whether you’re like me and you think the irrelevance is startling, or you’re on the opposite end of the spectrum and afraid to speak in the same room as your phone for fear of the NSA targeting you on Facebook, it’s okay.

Your attendees are people. Because of the consensus that privacy is not only acceptable but should be legal, social media advertising might be up for a seismic change under GDPR. Individuals will now have to actively consent to being targeted using mirror or lookalike audiences.

Action: Add mirror/lookalike audiences to your privacy policy if you’re using the details you’ve collected to target traffic from strangers. Look into guest blogging, a technical SEO audit (including the dreaded alt-text minefield), and pillar content marketing as data-friendly alternatives to gaining additional traffic and leads.

  2. Profiling

That might mean bucketing your traffic together into which persona fits them best. It might mean targeting specific demographics with different messaging because they’re part of that particular demographic, such as making a list of people in your database who have said they like cars on one of your forms and sending them emails about the Ford Pinto.

As with lookalike audiences, GDPR spells the end of unsolicited profiling. So, if you want to promote your next event to people based on what they have in common with your previous attendees, you’re going to have to let them know.

Action: Add consent to profiling, and every use case, to your privacy policy.

  3. Emailing Existing Customers

They’re your customers, right? They love you, and your events. They’ve been around the block; they’ve gotten emails, taken your branded pens, they’ve even given you a 9 on your NPS. You’re practically blood relatives, by those accounts.

The data commissioner won’t buy that defense.

When emailing your existing customers, by all means keep doing it if it’s about a similar product or service that they’ve purchased from you within the last 12 months. But if it’s not (you’ve guessed it), you’ll need consent.

Action: Perform an audit of members of your customer database who have consented to being a customer within the last year.


  4. Ticket Processing

This brings us to the somewhat scary question of vendor DPAs. (Like this one from Salesforce). Putting your trust into the hands of someone is daunting enough when you’re going to use their software for personal needs, let alone processing your sensitive data.

In accordance with GDPR, any business that conducts business in the EU is liable under the regulation, so in order to be on top of your own liability, you’ll need to have documented evidence that your suppliers are also compliant.

Action: Request a DPA to be delivered to you before the 25th of May from all vendors involved in your event cycle.

  5. Landing Pages

Personalization is something that’s been shown to increase conversion rates since it was first adopted as a component of our marketing strategies. That said, when promoting your event on landing pages, if you’re going to personalize it to greet someone by their first name, for example, you’ll have to include that as a way you’re using their information from the get-go.

Further to that, if you use downloadable content – such as a proposal letter to convince attendees’ bosses why they should be given funding or time off to go to your event – you’ll also have to add your privacy policy to any forms where they exchange identifiers for that collateral.

Action: Make a sitemap of all landing pages used to bring potential attendees further down the funnel. Add privacy policy, in clear language, to those pages. (A link is fine).

  6. Checkboxes

Ah yes. The age-old problem of “These terms and conditions are very long, I’ll just click “Proceed” and hope they don’t own my kidneys.”

Well, maybe not in so many words, but the principle stands. Marketers have long held the luxury of pre-ticked consent boxes which, as you would expect, have improved their subscriber rates on forms. However, under GDPR, this will no longer be permitted.

Instead of bemoaning the loss of “quality” contacts, marketers should take reassurance from the fact that any new subscribers are genuinely subscribing, rather than forgetting to uncheck a box. They’re far less likely to unsubscribe from any correspondence in the future as a result.

Action: Update marketing automation/landing page/form software to exclude pre-checked checkboxes. A good, similar action to take at this time is to ensure that you have an explicit opt-in policy for cookies used on your site as well.

  7. Emailing Sign Ups

“Oooh, what’s this?

Oh. A sales pitch. *delete*”

This inner monologue is one I've gotten used to. All too often, marketing departments push a hard sell (or upsell) at the first sight of someone who’s willing to get information in their inbox.

One of the most important marketing benefits of GDPR is that by giving people who buy tickets or register the opportunity to know exactly what kind of information you’re going to sell them and letting them pick and choose, you can get more relevant, welcome information to those attendees.

Unless an attendee who’s signed up wants to upgrade to a VIP pass, or wants more information about other options available that are profitable to you, you'll now have to let them come to you.

Action: Draft the copy for your privacy policy, or delegate a teammate to do so. Arrange contact with legal counsel to approve or edit the declaration.

Now you're ready for the big day (or for longer events, days)! My next post will cover tips for managing GDPR compliance onsite and after the show is over.

For more practical GDPR information, go HERE
