Skip to main content

GDPR & Events: What Every Organizer Needs to Know

It governs the processing of personal data of European Union residents and applies to any company – European or not – that processes this data.

Updated over 2 months ago

Organizing an event necessarily involves collecting and managing personal data. Here is how to comply with your legal obligations while using the Eventmaker platform.

Key principles of the GDPR

Rights of individuals

The GDPR strengthens participants' rights over their data:

  • Right of access: to know what data is held

  • Right of rectification: to modify the data if necessary

  • Right to erasure: to request deletion

  • Right to object: to refuse certain uses

  • Right to data portability: to retrieve their data

Clear and active consent

The participant must:

  • Be transparently informed about how their data is used

  • Give explicit consent, via an unchecked checkbox

  • Have the ability to withdraw consent at any time

What we invite you to do on Eventmaker

Registration forms

  • Add explanatory text at the bottom of your forms

  • Include only the fields strictly necessary for organizing the event

  • Use checkboxes for specific consents (newsletter, data sharing...)

Example (registration form) :

The personal information collected is necessary for processing your registration. It is retained by [Company name - RCS], used for [purpose] and may be shared with the event's partners. For more information, see our [Privacy Policy].

Emails

  • Add specific notices depending on the nature of the message (transactional or marketing)

  • Provide a button to access data (e.g., "manage my data", "unsubscribe")

Example (transactional email) :

This email is addressed to <

> because you registered for [Event name]. You have a right of access, rectification, and erasure. See our [Personal Data Charter] or contact us at [GDPR email].

Event website

Your website must include:

  • A Privacy Policy

  • A Legal notice

  • Terms and Conditions of Sale if the event is paid

Notices to add:

Development and design : Eventmaker – 20 Rue des Aqueducs, 94250 Gentilly
 – SIREN : 512 747 676
Hosting : Amazon Web Services, located in Europe (Ireland)

Security and data management

Eventmaker provides you with the tools to remain compliant, but it is up to you to use them properly.

Rights and access

  • Manage employee rights to limit access to sensitive data

  • Control who can export data

Data export

  • All exports are logged in Eventmaker

  • Once the file is exported, you are responsible for its security

Retention period

From the GDPR tab of your platform :

  • Set the data retention period (30 months by default)

  • Add notification emails to be alerted before automatic deletion

Reusing old participant databases

Do you want to use a participant database from a previous event?

  • You must obtain new active consent if this was not obtained previously

  • A list collected without explicit consent can no longer be reused

Summary of best practices

Support

What to do to be compliant

Forms

Explanatory text + unchecked checkboxes

Emails

GDPR notice + data access button

Website

GDPR pages, Legal notice, Terms and Conditions of Sale if needed

Export

Limit permissions and ensure post-export security

Existing database

Request active consent for any reuse

Our recommendations for a compliant event

  • Write a clear Privacy Policy and include it in your communications

  • Enable the GDPR field in your forms

  • Offer participants an interface to manage their data (deletion, modification...)

  • Implement an internal policy for managing exports

Related Articles
What is the GDPR
2 - Eventmaker Subprocessors & GDPR Compliance
Unsubscription & Participant Data Management
Did this answer your question?