Bugaboo: 5 reasons why event planners should stop being afraid of GDPR

The whole world is terrified of the new European General Data Protection Regulation (GDPR). But is it really all that bad? In many ways, the GDPR will benefit event organizers in the European Union. This article will show you what impact it will have and what the most important reforms are.

9 min
Share it

Many companies in the EU marked the 25th of May on their calendar. This is the day that the GDPR, the European General Data Protection Regulation, became effective. The law has already existed for two years — so you can’t say that nobody knew about it. Despite that, stress levels have noticeably increased lately — for event planners as well.

“The impact is multi-faceted. All data handling in connection with the event needs to be analyzed and documented. From the invitation through the registration, from the on-location services through the follow-up services or the forwarding of data to exhibitors and cooperation partners.” That’s how Thiemo Sammern, co-founder of the Salzburg data handling specialists data.mill, summarizes the requirements for event organizers.

Even if the effort required right now is substantial, there is no reason for you to panic. Why? Here are five reasons to feel more optimistic.


1. The inventory you need to take is a bit like spring cleaning

...and after the spring cleaning is done, you feel great, don’t you? Documenting exactly what happens with personal data in your company is a lot of work. The bigger the company, the more “data silos” there might be.

Even for the Deutsche Messe AG, one of the challenges of the GDPR is the process inventory. “The essential thing is to capture all actual, relevant processes. Legally correct configuration and its documentation is a craft,” says Reza-René Mertens, Head of Legal Department and Compliance at Deutsche Messe AG.

So once you’ve plodded through the data handling processes and have documented them correctly (you’ll find an example and checklists below), most of the work is done!


2. Data security builds trust

Orderly documentation on the processing of personal data leads to considerably more transparency for all those involved. As Thiemo Sammern says: “For companies, of course, that means putting in more effort. On the other hand, it allows them to win the trust of the data subjects, which improves customer satisfaction and loyalty.”

“There are now stricter requirements as to how data can be processed and sold and how the people whose data is processed must be informed about how their data was acquired. For email advertising, I need to be more careful to ensure that I really have the email recipient’s permission. Applying for conferences with spam emails is becoming more and more difficult and risky.” That’s the view of Peter Harlander, an attorney in Salzburg. As an expert in data security and social media law, Harlander also makes appearances at conferences and training events, where he helps people to properly comply with the GDPR.


3. Don’t worry — everyone feels this way

Even if it doesn’t seem like it, you are not the only one who is worried about the GDPR. The rules apply to all event planners, which means that complying with the GDPR will not put you at a competitive disadvantage.

“I believe that the GDPR is, overall, a very positive thing, because it forces everyone to handle personal data carefully,” says Harlander.


4. You’ll be able to cater to special needs (e.g., food intolerances) in the future

As a good event organizer, you are most of all a good host. That means responding to customer requests as optimally as possible, such as with catering. “If I want to know what I need to take into account when arranging catering, then I can request that information from the participants, but I need their consent. I should not, however, make that type of data entry field a required field,” Harlander says, explaining the limits set by the GDPR.

It’s a bit of a different story when it comes to requesting profile data that is needed less for the realization of the event and more for its marketing — that is, which constitutes advertising. Thiemo Sammern gives this advice: “The collection of data, such as the level of education or the person’s position in the company, is often done for statistical reasons or because the different groups of people should receive different follow-up services. This can quickly fall under the category of ‘profiling’. And that requires a separate notification in the privacy policy,” says Thiemo Sammern.


5. Things are never as bad as they seem

How critical will GDPR compliance be for you as an event organizer? And what penalties might you actually need to reckon with? At this point, no one can really say for sure. This is why Austria, in its national implementation of the GDPR, has already instituted some simplifications for companies, media, and artists. Some even talk of it being “watered down”.

But this offers no protection from clever attorneys who could send out a flood of warning letters. There is no way to get around the need for GDPR compliant data handling processes, a privacy policy, and procedures like verifiable opt-ins (double opt-ins, whenever possible).

In short: The situation is serious, but not hopeless! 🙂