When the European General Data Protection Regulation came into force in May 2018, it had far-reaching consequences for event planners. This change was particularly noticeable in participant management, where guest data is collected and processed: data processing procedures had to be reviewed and adapted.
Even today, uncertainties about compliance with the EU GDPR persist or keep resurfacing. In addition, the corona boom in virtual events has raised new questions: What is the state of data protection at virtual events? Which tools and providers can be used to hold GDPR-compliant online events?
The General Data Protection Regulation comprises 99 articles. Here we have put together a brief overview of the most important data protection points for events.
Data minimization and purpose limitation. So-called data economy means that as little data as possible should always be collected. Only the data that is absolutely necessary for the purpose is collected. Organizers should ask themselves, for example, whether they need the private addresses of their participants. Are goody bags shipped? The private address may then be collected. Is the event purely virtual? Then name and email address will probably be enough. Particularly sensitive data, such as health data, is also subject to special protection; it may only be collected if there is a legitimate interest and with the consent of the person. This includes questions about food intolerances, for example. Here, it must then be ensured that the data is also protected at the catering company.
Self-determination. The small box that waits for the approval check mark has become an integral part of any registration process. Personal data may only be stored with the consent of the persons concerned. Registration forms must therefore always obtain the active consent of participants.
Transparency. Participants have the right to know which of their data is stored and how. For this transparency, organizers need an overview of stored data and storage locations. If they are asked to provide information, the data overview should be quickly available. The right to know goes hand in hand with the right to be forgotten. Participants can request that their data be deleted. It is therefore advisable to design a deletion concept that can be used to respond quickly to such inquiries.
Encryption. The first step is the secure transfer of personal data. Data must be protected. Websites on which participants' data is collected via registration forms or collected during virtual events must therefore be sufficiently encrypted and always up to date.
Double opt-in procedure. The double opt-in process is a good way to document the active consent of participants. This means that, after registration, a confirmation email is sent, which asks for active consent to data processing via a link. Storage is only allowed when participants actively confirm that their data may be processed by clicking on the link.
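The double opt-in flow described above, as an added example (not code from this page or from AirLST): the confirmation link carries an HMAC-signed token, so the registration is written to storage only after the link is clicked. The key, the 48-hour validity, the record fields and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import time

SECRET_KEY = b"constructed-demo-key"  # assumption: loaded from a secret store in practice
TOKEN_TTL = 48 * 3600                 # assumption: confirmation link valid for 48 hours
consents = {}                         # email -> consent record; stands in for the database


def _sign(payload: bytes) -> str:
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest()


def make_token(email, now=None):
    """Step 1 (form submitted): build the token for the confirmation link.
    Nothing is written to `consents` at this point."""
    issued = int(time.time() if now is None else now)
    payload = f"{issued}:{email.strip().lower()}".encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload)


def confirm(token, now=None):
    """Step 2 (link clicked): verify the token, then store. Returns the record or None."""
    now = time.time() if now is None else now
    try:
        encoded, signature = token.split(".")
        payload = base64.urlsafe_b64decode(encoded.encode())
        issued_text, email = payload.decode().split(":", 1)
        issued = int(issued_text)
    except ValueError:
        return None  # malformed link
    expected = _sign(payload).encode()
    if not hmac.compare_digest(signature.encode(), expected):
        return None  # forged or altered link
    if now - issued > TOKEN_TTL:
        return None  # expired: the person has to register again
    # setdefault keeps the first confirmation time if the link is clicked twice
    return consents.setdefault(email, {
        "email": email,
        "requested_at": issued,
        "confirmed_at": int(now),
        "purpose": "event registration",
    })
```

The stored record keeps both timestamps, which is what documents the consent if it is later questioned.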
Server locations and storage locations. In order to benefit from the EU GDPR, the data must also remain in the EU and be both processed and stored here. Services that store their data in the USA, for example, are therefore a problem for organizers. AirLST therefore hosts all data that is stored via the participant management tool in Frankfurt. This means the data is in Germany and is not sent via the USA or other non-EU countries even during processing.
During virtual events, all participants log on to the event platform via their computers. Even the IP address counts as personal data. Even if the event is open and no registration is required, consent from the participants is therefore required. If interactions, videos, or shared virtual whiteboards are used, it is likewise essential to obtain the consent of participants in advance. This is especially true when these interactions are recorded and published later. If sensitive company data is discussed or published in virtual discussion rooms, it must be particularly protected. Here, participants should also be made explicitly aware of the confidentiality of the data.
In summary, participants, users, and event managers alike should continue to be made aware of the need to protect data. Awareness of sensitive information must be trained, and at the same time, well-founded knowledge reduces barriers and fears. The whole thing is not that complicated at all, and there are tools and ways to make events easily data-secure.
In October 2021, we accompanied the fall conference of the Professional Association of Data Protection Officers of Germany (BvD) e.V. Under the motto “Economy meets supervision. Shaping digitization: challenges of the modern working world”, the professional association met in Munich and virtually on our platform. Everything complies with EU GDPR, of course. Our servers are located in Frankfurt and even with BigBlueButton, we rely on a German conference system, which we modify individually. In the live stream and in breakout rooms, around 300 logged-in visitors discussed, among other things, how to deal with data breaches, the relationship between data protection and social media, or data protection in human resources.
Further sources:
Fraunhofer Institute for Secure Information Technology SIT: Selection and use of web-based communication services in times of corona. Data protection and data security aspects, 2020, https://www.athene-center.de/fileadmin/content/PDF/Onlinetools-Whitepaper.pdf?_=1589355004
