Go to main navigation Navigation menu Skip navigation Home page Search
STOCKHOLM SCHOOL
OF ECONOMICS

GDPR at events

At most events, we collect information about our guest, such as name, email address, and in some cases sensitive info such as dietary requirements. It is therefore our responsibility to protect the data that we process about our guests, so that they can feel safe with how we handle the information. 

Below is a list of aspects that are applicable at most webinars, physical and hybrid events. 

PRE-EVENT PHASE

Make sure your event planning is GDPR compliant                   

Where does the consent of the participant begin, and in what way is it applicable throughout the event lifecycle? If you are using marketing automated data, make sure the data is allowed to be used for your specific event.

  • Only collect the information about the guests that are necessary to conduct the event
  • Obtain clear consent to gather and use the data in any manner, you may need different types of consent for different types of data and depending on the data processing activity you are performing
  • Make it easy for people to withdraw consent
  • Name any third parties that will have access to the data

Check all your forms and systems

This include all forms and privacy notices, to make sure they are GDPR compliant. In addition, you should review your systems to ensure they are capable of handling user data and are compliant with the law's specific provisions. For example, are you able to process and verify a request to delete an individual's entire data trail or easily share a specific user’s personal data upon request by the user?

Review your mailing lists

Make sure you have clear consent from participants before providing any data to any third party. This includes using your mailing list or sharing contact information with participants.

Photos, video and audio recording

If you are planning to take photos and recordings, ask for the guests consent and/or add a disclaimer already in the registration form, and in all other information provided about the event.  Inform them how the recordings will be used, for example for promotional purposes. 

Example of disclaimer to come soon. 

DURING EVENT

Check third-party collaboration security

Make sure any third-party collaborators offer enough security to meet the GDPR requirements of SSE. Be cautious of exports and data transfers.

Photos, video and audio recording 

Again, make sure that participants in the event are aware that the event is photographed or recorded in any other way. 

At physical events, use clear signage where you both inform, and clearly refer to who to contact if you do not wish to be a part of any recorded material. This may require setting off a specific section in the event venue, where they can be without worrying of being recorded. 

At digital events/webinars, both inform the particapants verbally, and add information in writing on the screen, to allow them to turn off their camera or similar. 

POST-EVENT

  • Erase or anonymise personal information no longer needed, such as dietary requirements. 
  • Protect all data from unauthorized use and access.
  • Document how you intend to use the data.