12 Specific, Practical Actions to Take Before Your Next Event to Ensure GDPR-Compliance: Part Two

February 26, 2018

Maria Keenan

Maria is the Inbound Marketing Manager for Tito, an event registration software company based in Dublin, Ireland.

My first post covered the steps event marketers should take towards GDPR compliance leading up to the event – now it’s time to talk about what happens onsite and beyond.

The Big Day

  1. Event Tech

RFIDs are so cool. Live Tweet walls are so cool. The future is so cool, generally. But a lot of people have seen Black Mirror and have some serious concerns around the misuse of technology.

The level of innovative systems now available for attendees to play with is staggering, especially when it comes to tech conferences and events. However, while many people find this intriguing and engaging (this writer included), some others will find it intrusive. So, when you’re using any new system that uses information about people, make sure you’ve alerted them to it, and they’ve let you know if they’re cool with it.

Action: As well as the DPA requests outlined above, audit and segment attendees with different levels of consent and order materials needed to delineate them accordingly.

  1. Lead Lists

One of the oldest tricks in the conference book is (somewhat unfortunately) swapping lead lists with sponsors in order to secure additional funding.

At the dawn of GDPR, this practice will be resigned to the history book. You’ll have to specify the intent of each third party that is entitled to attendee information and the use cases for each of their possession of it.

Action: Draft an NDA with vendors. Cleanse lead lists in spreadsheets and databases of leads that didn’t wittingly consent to event content or third-party content.

  1. Photos

I can’t tell you how many awful candids there are of me frowning into coffee cups at early morning keynotes. I’d rather there weren’t any, but I haven’t always had the chance to disagree.

Photos of someone are considered a part of their identifiable information under GDPR, so it’s worthwhile to review your policy to make sure it’s suitable for future conferences and their attendees.

Action: Add photo use (promotional, etc.) and timeframe to privacy policy. One recommendation that offers practical visuals is having different colored stickers or lanyards for those who do or don’t consent to the use of their image in future materials.


  1. Research

While it may seem innocuous to use someone as a number on a spreadsheet, the GDPR legislators don’t see it that way. Attendees will have to consent to being included in research in the same way they are for profiling.

Action: Add research consent to privacy policy. Notify any external data modelling or analysis actors or agencies of this change and ensure that they’re capable of adhering.

  1. Data Storage and Security

Even if you’re not a security expert, a lot of the forerunners for GDPR compliance at organizations are marketers. Now is the time to look over your systems and find out where there might be vulnerability.

Action: Make sure that systems hosting data are up-to-date with their ability to prevent breaches and hacking.

  1. Updates

Congratulations! You’ve reached the end of your event cycle. You’ve delighted people around the venue and beyond - and stayed in compliance with GDPR.  But if this isn’t your first rodeo, you know there’s still some work to be done.

As you’ll probably be keeping some data that you’ve gathered throughout planning and executing your conference, it’s time to remove those who wish to be removed, and edit or update the records associated with anyone who has requested that action be taken.

Action: Re-examine lead lists. Pseudonomise those who request it. Delete those who request it.

Aaaaand, you’re done!

While this isn’t a fully comprehensive to-do list, it should set you on the right path for event marketing under the GDPR.  My team and I have worked with a lawyer on all of our GDPR articles, but not every case is the same. So I can’t guarantee that every organization should follow the exact same steps – but hopefully this will put you on the right path. Please always seek independent legal advice when working towards GDPR, and I wish you the very best of luck for a smooth process.

For more practical GDPR information from Tito, go HERE.

Add new comment

Partner Voices
Just when it seems like Las Vegas can’t get any bigger, brighter or more exciting for groups, MGM Resorts raises the bar again. The company continues to invest and innovate across its portfolio of Las Vegas resorts, with new attractions and upgraded experiences for attendees of all interests.  Remodeled Guest Rooms MGM Grand is the largest single hotel in the world with over 5,000 guest rooms and an 850,000-square-foot conference center. It is home to the newly remodeled MGM Grand Studio Tower—700 reimagined guest rooms with a fun mid-century vibe. Nearby, the iconic New York-New York Las more