How to create an event in compliance with GDPR

The General Data Protection Regulation ("GDPR") is a new data privacy regulation that applies to any event worldwide that collects data from citizens of the European Union.

This regulation should be called the "Data Transparency Act". Event organizers who collect personal data from attendees living in the European Union now have to obtain their expressed and free consent to collect and use their data. EU citizens have the right to access their private information and to request its deletion.

The GDPR must be treated seriously because it impacts almost all event organizers around the world. Penalties for non-compliance are up to 20 million euros or 4% of the overall turnover of the company concerned.

What are the 5 key principles of GDPR?

GDPR can be summarized in 5 key principles.

Consent

You must obtain consent from your EU citizen attendees to store and use their data and explain in a transparent way how it will be used.

Privacy

Attendees can ask you to delete their data and to stop sharing their data with third parties. These third parties are obliged to stop processing the data and and must delete it upon request.

Security

Any security breach should be reported to attendees with 72 hours and you are liable to use technology systems that manage attendees data according to industry standards.

Portability

Attendees can ask you to transfer to them their data in a digital format in order to transmit their data to another data controller.

Access

You must provide your attendees access to their data within 30 days and explain to them how you are using their data.

Discover how APIDays executed the first GDPR-compliant event and used it as a competitive advantage

Discover the case study

Understanding the impact of GDPR on your event

Find out what you need to do to comply with GDPR rules, step by step.

GDPR and the event industry

Information obligations

Security obligations

Summary of your obligations

Swapcard and GDPR

GDPR and the event industry

What is the GDPR?

Why are organizers and event platforms concerned with GDPR?

Why do you need to be vigilant?

What obligations does GDPR impose on the organizer?

Information obligations

What information do you have to communicate to your participants?

What information do you need to mention in your ticketing?

What must be done regarding data transfers outside the EU?

What are the rights of your participants?

Participants' consent

How must the participants' data be collected?

How do you acquire consent from your participants?

What about consent related to data collected for business prospecting?

What about data transfer regarding badge scanning, business cards and networking platforms?

Security obligations

What is the shelf life of the participants' data?

What digital security does the organizer have to guarantee?

What are the requirements regarding the recording of processing activities?

What obligations do IT subcontractors have to follow?

Who manages processing data for the participants?

Should you appoint a data protection officer?

Summary of your obligations

Summary of your obligations under the GDPR

Swapcard and GDPR

How does Swapcard treat and respect participants’ consent?

How is our lead capture system GDPR compliant?

How do our legal documents follow GDPR guidelines?

How do we comply with data security and privacy?

Disclaimer. This document is intended to convey general information only, and should only be used as a starting point in your understanding of issues relating to GDPR. This is not intended as legal advice, nor is it meant to convey legal facts or opinions. The contents of this document should not be relied upon in any particular situation, and the information presented here is not guaranteed to be correct, complete or up-to-date. No action should be taken in reliance on the information found here, and Swapcard disclaims all liability with respect to any acts or omissions based on the contents of this document. You should consult a licensed attorney or regulatory expert to discuss your specific legal, compliance and GDPR-related issues.

You want to make your event GDPR compliant? Contact us

Talk to us