Achieving Data and Legal Compliance in the Event Industry

Print Friendly, PDF & Email

We’re living in a world that generates more than 2.5 quintillion bytes of data every day. With data changing hands faster than ever before in today’s increasingly hybrid world, we’re all forced to keep up. 

Event organizers must keep data security and legal compliance top of mind. Why? The digital age’s currency is data. Having sensitive data fall into the wrong hands destroys partnerships, damages reputations and dissolves trust.

Prioritizing data security in the events industry

Event organizers use data to inform every stage of event planning, from developing communications strategies to tweaking session topics and providing updates on an attendee’s journey through the pipeline. The data most accessed by event planners include:

  • Personal or identity data, such as contact and demographic information. 
  • Usage or behavioral data, which is site-specific and can include the number of sessions someone attends, which broadcasts they watch, and how long they watch. 

Hybrid and virtual events are here to stay — and with the vast amounts of information generated by participants logging in and creating a traceable presence, event planners must balance the risks and treat that information with the utmost care and confidentiality.

Countries worldwide are already developing and implementing security laws and regulations to tighten security and protect sensitive data. 

General Data Protection Regulation (GDPR) compliance

The GDPR, a centralized policy enacted in 2018, dictates how businesses, governments and organizations store and use EU citizens’ and residents’ personal data, giving them the right to request that a business:

  • Delete or anonymize personally identifiable information.
  • Not sell their personal data to a third party.
  • Provide any information that business has collected about them.

The GDPR also requires people to actively opt-in to give businesses permission to use their personal data. In the event world, organizers must not only obtain attendees’ permission to collect data but also explain how that data will be used and with whom it will be shared. 

Because attendees can request copies of the collected data — and also request the transfer of that data to other third parties — event planners should use a machine-readable, common format. Thoroughly understanding GDPR will help organizations safely and ethically handle data, with guidelines planners should use to ensure security and compliance.

U.S. data privacy laws

Unlike the EU, the US doesn’t have a single, overarching federal data privacy law, although many states are enacting comprehensive consumer data privacy laws at their level. The California Consumer Privacy Act (CCPA), however, is the best comparison to GDPR. 

The main difference between the two is that CCPA lacks the opt-in requirement of the GDPR, only requiring a privacy notice on any electronic form where users input data. The CCPA also doesn’t allow consumers to update or correct their information. However, the CCPA does:

  • Grant citizens the ability to access, delete or opt-out of data processing.
  • Give citizens the right to know about information a business collects, uses and shares.
  • Ban businesses from selling personal data to third parties without first giving consumers the ability to opt out.
  • Define personal information very broadly as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”

Protecting attendees and their data

Marketing teams and event planners rely on data to develop and deliver exceptional event experiences. The following best practices will help ensure data security, privacy and compliance:

  • Use two-factor authentication and single sign-on. 
  • Encrypt documents — even if you work in and rely on the cloud.
  • Train your staff to recognize phishing and ransomware.

Another critical consideration: selecting an event management platform that prioritizes data security and ensures you meet all legal requirements. The right event management partner will:

  • Create another security net by using third parties to assess procedures and ensure regulatory compliance.
  • Maintain up-to-date knowledge of applicable regulations, including national and international security standards.
  • Employ a dedicated support team to monitor and quickly address potential security threats.

Events offer a powerful tool for companies, generating purposeful, measurable data for targeting customers, establishing relationships, building brand recognition, and so much more. It’s imperative that event planners and marketing teams take every precaution to comply with regulations and laws governing data privacy to protect sensitive information.

About the Author

Devin Cleary is the VP of Global Events at Bizzabo, the fast-growing event technology platform for hybrid, virtual and in-person events. Devin is a passionate, results-driven event producer and marketing executive with experience leading the creation and active management of diverse experiential marketing programs for B2B, nonprofit and consumer markets. Devin was recognized as one of Connect Association’s “40 under 40” leaders in 2021. He was also featured in Event Marketer’s 2017 “B2B Dream Team” and BostInno’s “50 on Fire.”

Sign up for the free insideBIGDATA newsletter.

Join us on Twitter: @InsideBigData1 –

Speak Your Mind