Ask the Experts: What Impact will GDPR have on Meetings and Events?

We’ve been talking a lot about GDPR lately.  And for good reason too.  One of the biggest shake ups in data protection and privacy laws for the past 20 years, the new EU General Data Protection Regulation will come into effect in May 2018 and completely change the way events collect and handle the personal information of European attendees.  But how important are these changes actually going to be for event planners? Is GDPR going to make things like data-driven marketing and personalisation a lot more difficult? Or will the new regulation bring on some new opportunities?


Are your events ready for GDPR? Get your FREE eBook: ‘The Event Planner’s Guide to GDPR Compliance’, and learn what impact Europe’s new data protection regulation will have on event marketing, data management and event technology – as well as what steps event planners need to take to meet the new requirements.


EventTech Talk spoke to a number of well-known event experts to find out what they think about GDPR and what kind of impact it will have on the industry.  Here’s what they had to say:

Adam Parry, Editor, Event Industry News

GDPR will have a huge impact on event marketers next year, and this in my opinion is a good thing.  As an industry we have been very lazy, relying on email marketing with outdated and uncheck cleansed data, I see it myself getting invites to events from previous roles and or having never attended the event in the first place.

We will have to work smarter as event marketers but there are tools and solutions out there to help us and not make it a case of having to work harder.  Let’s take for example retargeting technology, it’s not new but hugely under-utilised by our industry as a way of remarking our event to web visitors that didn’t sign up to attend.

Follow Adam Parry on Twitter: @punchtownparry

Michael Owen, CEO, EventGenuity

I’m surprised by how little is known about GDPR by those in business events and associations sector in the United States. Of those who are familiar with the regulation, many forego learning more, as they think it applies only to organisations based in the EU. With headlines about breaches of personal data like Equifax as frequent as the sunrise, one would think at least that curiosity would drive everyone to fully understand the ramifications.

How great will the impact be in non-EU organisations? It’s hard to tell right away. At a recent session, one gent said, “I’m not going to worry about it, because it will be hard to enforce.” Hard? Yes. Impossible? No. Once non-EU enforcement is figured out, and the first massive fine occurs, I suspect interest will spike.

Misconceptions place barriers to learning: “We don’t have offices or hold meetings in the EU”, etc. For business events and associations who host attendees have members or subscribers from the EU for whom they hold data, there is liability.

It’s not all bad news, though. There is opportunity to improve internal business processes. The requirements force organisations to become more, well, organised. Isn’t it a good thing to be more aware of what personal data one possesses, where it resides, how it is processed and protected? Compliance could well reduce financial and reputational risk, and build trust with customers, members, attendees across the board. This outcome would provide more accurate data sets and more meaningful relationships amongst organisations and valued customers.

Follow Michael Owen on Twitter: @EventGenuity


Did you know that more than 75% of event planners think that data security is a much bigger priority for them because of GDPR? Find out what you should do to prevent your attendee data from getting lost, stolen or compromised by getting your copy of ‘The Event Planner’s Guide to Data Security in a Post-GDPR World‘.


Brandt Krueger, Speaker & Consultant, Event Technology Consulting

I have extremely mixed feelings when it comes to GDPR, or for that matter, a lot of attempts to regulate the Internet. While companies clearly need to be held accountable for the securing of our personal data (I’m looking at you, Equifax), and I’m in favour of data transparency – most of these attempts at legislation are reactionary and only deal with new problems as they arise.

Much of the GDPR regulations surround consent. While noble in cause, we already give our consent to all kinds of things without thinking twice about it. We click through license agreements and software permission screens without reading them, and every website in the EU has to let me know that it’s using cookies. How many times have you stopped and thought, “Oh my, I don’t know about this cookie thing. I guess I’ll just shut down my browser and walk away.” Nope, you click on it as quickly as possible to just make the pop-up go away.

I worry that we’re going to be generating more and more of these types of screens, where people will be forced to check off 37 boxes of consent, just to find out where their next hosted buyer appointment is. Customers do need to be made aware of what information they’re providing, and exactly what is being gathered about them, but I have severe concerns about the implementation. This will be the most immediate impact on the event industry – how technology companies deal with the informed consent GDPR seems to demand. I predict lots of splash screens and checkboxes that absolutely nobody will read, along with signage next to fishbowl drawings at expos that, you guessed it, nobody will read.

On the positive side, I do think it’s important to require companies to provide a high level of transparency when it comes to other people’s data, though again I’m hesitant about the implementation. Does a dump of data into a CSV count as an accurate representation of your data? And again, the different types of data that are being gathered can be difficult to provide in a way that makes sense to the person making the request. Because it’s not just about the tangible, easy to understand, data like names and addresses – it’s often about the relationships, the links, the connections between that data that’s important. Knowing your name, address, and what magazines you subscribe to are three separate data points, but their interconnectivity can be enormously revealing in ways people would be shocked to discover.

Follow Brandt Krueger on Twitter: @BrandtKrueger

Kevin Iwamoto, Senior Consultant, GoldSpring Consulting

GDPR will have a major impact on the way companies and their event suppliers manage their events in 2018 and beyond.  All meetings and events that handle registrant-attendee personal information and the ways they handle, manage, and purge that information will have to change.  The currently liberal ways that attendee personal information is shared will also have to change.  GDPR will at least temporarily hinder how attendee data and registration lists are currently used.  The proliferation of technology platforms, mobile apps, etc. that currently use personal data for marketing campaigns and for determining things like Return on Engagement (ROE) and Return on Objectives (ROO) will need to be reviewed and changed to avoid major EU fines for GDPR violations.

Read: 5 questions to ask event tech providers about GDPR

All companies and their event supplier partners should be doing a personal data audit now to discover the multiple areas that will need to be modified to become GDPR compliant and to avoid the potential for massive fines.  Unfortunately, so many companies remain in the dark and in denial about their GDPR complicity requirements.

Follow Kevin Iwamoto on Twitter: @KevinIwamoto

Paul Cook, Writer & Researcher/Creator of Specialised Content Consultancy, Planet Planit

GDPR will have an impact on the events industry as it will on every sector. How big that impact is will depend on how many changes organisations will need to make in the way they look after personal data currently. For those companies that have strict policies in place already it will have less of an effect.

Having said that, marketing under the new regulation is a key area that will impact all businesses. Right now, the business has the power. Next May, the businesses effectively lose that power as it will be the individual that is in control. Consent to receive marketing messages will be a key challenge for a lot of companies and now is the time to sort out the data bases and work on privacy notices.  No longer will companies be able to say we will send your information to interested third parties. They will need to state who those companies are. Consent needs to be recorded and updated on a regular basis.

Does it bring new opportunities? Yes absolutely. One big benefit is that companies will be able to get closer to their clients and prospects. They will need to re-think some of their existing strategies for marketing but for the companies that understand how to make the most of the regulation they will gain trust and a bigger market share. After all, who wants to deal with a company that doesn’t care about whether your identity can be stolen or not?

Follow Paul Cook on Twitter: @planetplanitbiz

George Sirius, CEO, Eventsforce

GDPR is going to change the mindset of event planners when it comes to deciding what data they should collect from attendees, how they use that data for things like marketing campaigns and what they need to do to keep that data safe.  Current practices around getting consent in using this information and sharing it with other parties like event sponsors, for example, will land organisers into big trouble after May 2018.  The regulation is also going to force planners to play a bigger role in securing all the data they collect from attendees, as well as making sure that third party suppliers like agencies and event tech suppliers are also compliant to GDPR.   Again, not doing so can result in big fines.  And that is one of the big things about GDPR.  Compared to current data protection regulations, non-compliance comes with serious financial consequences. People aren’t fully aware of their rights yet, but they will be.  And once they are, the enquiries will start to come.  As will the lawsuits – especially if an event suffers a data breach.

Read: Will GDPR change the rights of your attendees?

But it’s not all bad news. I think GDPR will bring about some big opportunities for our industry too.  Event planners will need to think and act very differently in the way they talk to attendees – and be a lot more honest in the way they manage their information too.  Those organisations that show they’re dealing with personal data in a transparent and secure way and have respect for the privacy of individuals will succeed in building a new level of trust.  And this will be key in deciding which organisations people choose to deal with in the future.

Follow George Sirius on Twitter: @georgesirius

Corbin Ball, Meetings Technology Speaker/Consultant/Writer, Corbin Ball Associates

GDPR is a sweeping set of privacy regulations that will affect any event with European attendees or members regardless of where the event takes place. Non-compliance penalties are stiff so it will be imperative that the planners work with their IT departments and technology providers to ensure that the new regulations are met.

Follow Corbin Ball on Twitter: @corbinball

Are your events ready for GDPR? Get your FREE eBook: ‘The Event Planner’s Guide to GDPR Compliance’, and learn what impact Europe’s new data protection regulation will have on event marketing, data management and event technology – as well as what steps event planners need to take now to get ready for the May 2018 deadline.