Is your conference event GDPR compliant? – Part 1

I’m starting a series of articles in which I will try to cover my experience in managing privacy and GDPR compliance for several IT related conference events that are handled by “Avaelgo”. During this journey, I will also touch some in-depth security aspects, so stay tuned for that.

As I am sure you know already, a conference is a place where people gather, get informed, do networking (business or personal), have fun, and who knows what other stuff they may be doing. The key aspect here is that for such a conference to be successful, you need to have a fair amount of people being part of it. And since people are persons, well, that also means a fair amount of personal data.

There’s a lot to cover, but we’ll start with the basics. If this is the first time you are organizing such a conference, then you already have a head start: you don’t have to change anything. If not, then you must start by reviewing the processes that you already have in place.

In this first article I’m just going to cover what are the key points that you should review. Let’s go:

  1. How do people get to know about your event?

It is very important to know how exactly you are going to market your event. The marketing step is very important, and itself must be compliant with the regulation. This is a slightly separate topic, but it cannot be overlooked.

It does not matter that you will market yourself to participants, speakers, or companies. Personal data is still going to be involved.

  1. How are people going to register for your event?

This means: how are you going to collect data regarding the participants? Is there going be a website that allows registration? Do you allow registration by phone? There are still more questions to answer, but you have an idea about the baseline. These decisions will have a later impact on the security measures you need to take in order to secure those channels

  1. How are speakers going to onboard your event?

Same situation as above, but it may be that there is a different set of tools for a different workflow.

  1. How are you going to verify the identity of the participants?

Is someone going to be manually verifying attendance and compare ID card names with a list? Is there going to be a tool? Is there a backup plan?

  1. Do you handle housing / travelling for speakers / participants?

If yes, you will probably need to transfer some data to some hotels / airlines / taxies, etc…

  1. Do you have sponsors? Do they require some privilege regarding the data of the participants?

This is a big one, as I am sure you know, some or all of the entities that collaborate on your conference will require some perks back from your conference. It may be that they are interested in recruitment activities, or marketing activities, or some other kind of activities on the personal data of your participants. Trade carefully, everything must be transparent.

  1. Will you get external help?

Companies / volunteers / software tools and services that will help you with different aspects of organizing the event? What are they going to do for you? If they touch personal data, it is kind of important to know before you give it away to them.

  1. Are there going to be promotions / contests?

Usually, these will be threated separately and onboarding to this kind of activities will be handled separately, but still, it is a good idea to know beforehand if you intend to do this.

  1. As you can already imagine, this is not all, but we will anyway cover each topic from here in future articles, and then, probably, extend with some more.

This may look freaky and like a lot of work, but it really is not. Anyway, by trying to tackle personal privacy beforehand, you also get, as a happy byproduct, a cool fingerprint of what you need to do in order to have a successful event. Cheers to that!

A future article will come soon, covering the next steps. I am sure you already have an intuition of what those are.

See you soon!

Leave a Reply

Your email address will not be published. Required fields are marked *