Participating in an event requires participants to disclose personal information about themselves. Personal data is essential to participate in almost every event and is used as an example of:

• Communication between event organisers and event participants
• Event access control
• Create event badges
• Individualisation of event participation
• Enabling networking

But who is actually responsible when it comes to protecting participant data at events? It is important to take a closer look here.

‍

Who is responsible for compliance with data protection regulations at events?

The data protection law distinguishes between data controller and contract processor. A data controller is a company or organisation that decides on the purposes and means of processing personal data. The data controller is therefore the event organiser, who pursues a specific purpose by processing personal data (the event) and thus also decides how to handle the participant data. A processor or data processor is a company or organisation that processes personal data on behalf of (and for the purposes) of the data controller under an order processing agreement. If, for example, event management software is used, the role of contract processor is assigned to the provider of this solution.

‍

What are the duties of an event organiser?

Event organisers in the role of a data controller:

• are required to publish a clear and transparent data protection policy and to provide information about the purpose and duration of data processing.
• must provide information about data processing at the request of data subjects and delete it upon request.
• have to conclude an order processing contract with the commissioned data processors.
• are liable for any damage caused by violations of data protection regulations.

How can an event manager contribute to the confidential handling of participant data?

Event managers with access to participant data have a high level of responsibility when handling personal data. For a trusting relationship, it is recommended to consider the following points when organising the event:

1. Integrate your own privacy policy into the registration process.
2. Create transparency about the use of personal data.
3. Avoid sending Excel lists with participant data via email unnecessarily.
4. Limit access to participant data to the most necessary people in your organisation.
5. Avoid printed guest lists, which can easily fall into the wrong hands. Instead, use digital event solutions with appropriate access rights.
6. Centralise necessary participant data in one system after the event and ensure deletion in any peripheral systems.
7. Choose trustworthy event tools, such as Oniva, which have transparent privacy policies and appropriate data protection measures.
8. Only collect the necessary data from your participants to carry out the event.

‍

Conclusion

In a hectic event environment, it is easy to forget to take care when handling participant data. It is therefore advisable to familiarise yourself with this topic at an early stage and to develop the necessary basics. This not only creates a unique but also trusting event experience.