Your Guide to GDPR & Data Protection in Event Marketing Best Practices

Published Nov 9th, 2023 by Nicolas Zenker

When it comes to the world of event marketing, we here at AddEvent understand how important it is for our customers to successfully collect their attendees’ data for future marketing opportunities. But we also understand that every single person has the right to protect their personal data and authorize it only to be used for what they’ve initially signed up for. 

In 2018, the European Union released an important directive called the GDPR — a privacy regulation that clearly outlines how you can (and can’t) use someone’s personal data. Not complying with these privacy regulations could result in some pretty substantial penalties and fines — or worse — it can really damage your business’s reputation as a whole. 

What is GDPR?

The General Data Protection Regulation, most commonly referred to as GDPR, is the most comprehensive privacy and security law globally. Although drafted and passed by the European Union (EU), it still presents an obligation for organizations everywhere if they target or collect data about EU citizens. Those who violate this policy will face hefty fines — sometimes even as high as tens of millions of euros.

The closest U.S. equivalent to GDPR is the California Consumer Privacy Act (CCPA). It gives California residents more transparency and control over how businesses collect and use their personal information — and just like GDPR, it requires any business that works with or collects data about customers based in California to adhere to its rules.

Another law you’re likely familiar with is the Health Insurance Portability and Accountability Act (HIPAA), which protects sensitive patient health information from being disclosed without one’s knowledge or consent. 

And while the greater United States hasn’t adopted a universal privacy law (beyond HIPAA), ensuring that your attendees and potential customers want you to use their personal information for future marketing purposes is important to establishing trust for your business — and avoiding the legal ramifications that could pop up in the coming years. 

How Does This Affect My Event Marketing?

If you want to ensure that your event marketing strategy will keep your organization compliant with GDPR (and other data protection) requirements, here are some important aspects you’ll need to consider. 

Obtaining Explicit Consent

You, as the event organizer, are responsible for securing an agreement from your participants to keep and use their personal data by explaining exactly how you intend to use it in the future. That permission also needs to be expressed in an active, clear manner. 

For example, when you’re using AddEvent to capture RSVPs for your events, you need to go into the RSVP template to add a custom field that will ensure your participants are comfortable with you contacting them in the future with the info they provided. 

Understanding Your Responsibilities as an Organization

Protecting, storing, and properly using someone’s personal data is quite a hefty responsibility! Here are a few ways your attendees can call the shots when it comes to their info — and the way you were planning to use it. 

First is the right to be informed — you must tell your attendees why you’re processing their data (typically for future marketing purposes), how long you plan to retain their information, and who else will have access to it. Be as transparent as possible.

Your attendees also have the right to ask what information you hold about them, and you have thirty days to provide digital copies of their data back to them.

The attendee can also ask you at any time to stop using their information for marketing purposes, even if they originally agreed to it. When a request like this is made, you need to act on it immediately. Your attendees can also change the information they’ve previously provided, ask you to delete their data completely, or stop using their information in the future.

Essentially, your attendees get to call the shots about their private information — and you need to listen to them no matter what. 

Navigating Sponsorships and Partnerships

It’s no surprise that sponsors of an event are doing so to increase brand awareness — including marketing to attendees after an event has occurred. Under GDPR, your organization cannot share any customer or attendee information with a third party unless the customers have explicitly consented to your doing so. 

Acknowledging Retargeting Efforts

GDPR will also affect how you retarget for an event since cookies and device IDs are considered personal data. To gain consent from your customers, be sure to add inclusive language in your privacy policy that clearly outlines the use of personal data for retargeting purposes, and add a site banner that indicates if your website is collecting cookies. 

Other Ways Data Privacy Regulations Could Affect Your Marketing 

There are less obvious ways these data privacy laws may affect your event marketing efforts. For example, when a user follows your AddEvent subscription calendar, their calendar service (be it Google, Apple, Outlook, etc.) will typically send them a push notification to remind them of the upcoming event.

But because these reminders are controlled by the calendar service as opposed to AddEvent’s platform, we can’t guarantee that the subscriber will receive these pop-up reminders if their settings are configured not to show reminders. Their Google Calendar or Outlook calendar follows whatever its own settings specify.

Working with Compliant Vendors

As your organization works to maintain compliance with the relevant data protection laws for your specific customer group, it’s important to consider whether or not the vendors you are using are also making their best effort. 

AddEvent is proud to be GDPR, CCPA, and HIPAA compliant. While using our custom forms and questions, our clients can ask their attendees anything, but we make sure that the data is always safe. Of course, it’s still your responsibility to make sure that the information you ask for is legal to request. And remember, if you download the data (meaning it leaves AddEvent’s service), you also need to make sure the data is handled correctly!

When in Doubt, Ask the (Legal) Experts

Everything in this blog is intended to serve as a helpful guide for your event marketing plans and their compliance with the General Data Protection Regulation (GDPR) and other data privacy laws — but it’s really important to understand that it’s not a substitute for actual legal advice on the subject. 

While we here at AddEvent always strive to offer the most accurate and informative content out there, the dynamic nature of legal regulations, as well as the specifics around your event marketing activities, could require some personalized legal guidance. So, when in doubt, consult with your organization’s legal team or the relevant legal authorities. Your organization’s legal experts are the best resource to ensure compliance with the law and protect your interests!

