The GDPR (General Data Protection Regulation) is a new regulation of data privacy that applies to any event worldwide that collects data from EU citizens. Event organizers who collect personal data from attendees living in the European Union must obtain the participants' expressed and free consent before collecting and using their data. Sponsors like IBM are careful about sponsoring conferences where the collected leads are not GDPR compliant. Failure to comply with GDPR can result in a fine of up to 20 million euros. Event organizers must prove to their sponsors that they are complying with GDPR to secure their sponsoring and change the way they monetize their audience.

What are the 5 key principles of GDPR?

Consent

You must obtain consent from your EU citizen attendees to store and use their data and explain in a transparent way how it will be used.

Privacy

Attendees can ask you to delete their data and to stop sharing their data with third parties. These third parties are obliged to stop processing the data upon request.

Security

Any security breach should be reported to attendees with 72 hours and you are liable to use technology systems that manage attendees' data according to industry standards.

Portability

Attendees can ask you to transfer their data to them in a digital format in order to transmit their data to another data controller.

Access

You must provide your attendees access to their data within 30 days and explain to them how you are using their data.

We had to change how we were collecting attendees' consent and guarantee GDPR compliant leads to our main sponsors.

Mehdi Medjaoui

Founder & Chairman, APIDays Conferences

At IBM, we decided to no longer sponsor conferences that shared attendee lists without collecting their consent in compliance with GDPR.

Claude Haik

Big Data Analytics, Marketing, Event Manager and GDPR advisor, IBM

What were APIDays' new obligations under GDPR?

Data given to sponsors required the attendee’s consent

Providing attendee data to sponsors required consent, which needed to be active and freely given. Under GDPR, passive consent or pre-checked boxes aren’t permitted.

Data used for marketing required the attendee’s consent

APIDays could not send marketing and promotional emails about their other events and sponsors without the consent of each attendee.

The consequences

APIDays could no longer provide their main sponsors with the contact details of their attendee list, nor could they give them the list of people that register to their workshops, without collecting the attendee's expressed and free consent. APIDays had to create a new lead generation channel for sponsors and exhibitors that would respect the privacy of attendees and respond to their sponsors' concerns regarding GDPR.

Learn how GPDR is impacting event organizers

How to become GDPR compliant

The Numbers

61%

of attendees opted in and accepted to be scanned by exhibitors.

GDPR contacts per exhibitor (on average)

registrations per session (on average)

We are surprised and happy to see that 61% of attendees opted-in freely to be scanned by exhibitors and 59 GDPR leads were collected through the platform for each exhibitors (on avg).

Mehdi Medjaoui

Founder & Charman, APIDays Conferences

We reduced our volume of lead generation but only gathered very qualified leads interested in having sales contact them. It makes us more productive and saves time. Quality over quantity.

Claude Haik

Big Data Analytics, Marketing, Event Manager and GDPR advisor, IBM

Solutions Delivered

Attendees have control over how their data is used

Attendee information is shared with other participants, sponsors and exhibitors only with their explicit consent to opt into networking and when they accept connection requests.

Sync only the attendees that opt to be part of networking

With Swapcard, organizers can select only the participants who agreed to share their data and take part in networking when syncing their ticketing tool.

Clearly defined attendees who agreed to badge scanning

By syncing only attendees who accepted the networking feature, APIDays could identify participants who opted in for badge scanning by using colour-coded lanyards.

Want to learn more about how to make your event GDPR compliant? Get in touch with one of our experts.

Request Demo