How to comply with GDPR and manage your events effectively
You’ve just wrapped up a major exhibition. Now it’s time to build on that success by reaching out to those who attended, and it’s a process you know well:
- Pull names and contact info from attendee registrations
- Import that data into your database as a new marketing list
- Export the list to share with sponsors who invested in your conference, in part, for access to your attendees
It sounds simple, but when the EU’s General Data Protection Regulation (GDPR) took effect in May 2018, it dramatically changed how organizers need to approach attendee registrations.
A key thing to remember is this: If you start thinking about how you’ll manage GDPR challenges after your event, you’re already too late.
Instead, plan from the start how you will gather data and how to handle it afterwards to ensure legal compliance. Consider these three best practices to jumpstart that planning process.
New best practices for meetings data
Get permissions up front
GDPR requires that people opt in for communications. It’s no longer enough to merely state – even in big flashing words – that by registering, attendees give permission for you or others to contact them.
Instead, clearly state how you want to use the data you collect and provide registrants a way to explicitly agree, with opting-out as the default setting.
Set up your database correctly
When you come away from an event with a list of registrants, you need a field within your database that stores whether or not each person gave consent for data use.
This allows you to store data for all attendees but also segment those that you or others can and cannot contact. Without that field built into your database up front, you lose that vital piece of information on import.
Know your tools and how you’ll comply
GDPR gives people greater control over what data you can keep and how you store it. In some cases, for example, an EU citizen can request that you erase their data completely.
GDPR also distinguishes between “anonymized” data, which makes someone completely unidentifiable, and “pseudonymized” data which segregates identifying information.
Some systems, such as Simpleview CRM, have functions for accommodating these requirements built into the software. It’s important to choose tools with these data management functions in place or have an alternate plan for meeting GDPR compliance as needed.
I’m outside the EU - does GDPR matter?
Even if your event will not be in Europe, think carefully about data collection and management well in advance. The general belief is that the EU has created a first step that the rest of the world will follow.
In the United States, for example, data privacy laws vary by state but may soon be subject to national mandates. Also, even if your event is outside the EU, you may well have EU citizens as attendees, and GDPR may extend protections over the data you collect.
Bottom line: The laws can vary widely, and they’re continuing to change, so prepare as best you can in advance. Don’t gather data then try to arrange compliance after the fact. The best thing you can do is be proactive.
This is a sponsored blog post from Simpleview.