The Critical Role Data Capture Plays in GDPR

The aim of the General Data Protection Regulation (GDPR) is to give individuals control over how their personal data is used. One of the key aspects is ‘transparency’ over why data is collected, what will be done with it and the rights an individual has.

Ben Bradbury, May 10, 2017

In this article, we will explain the impact on collecting personal data on your website or event registration platform.

You need to give when you collect under the GDPR

There is a shift away from having all the details in a disconnected Privacy Policy or Privacy Notice to giving details at the time of collection. Examples of where changes will be needed are the places on a website or event registration page used to collect First Name, Last Name and Email.

Article 13 of the regulation tells us the information to give. The following is a summary of what is required:

  • Details about the data controller
  • Contact details about the controller’s Data Protection Officer (if one exists). This could be a generic email address, as the person in the role could change over time
  • What processing is done and the legal basis for doing it (consent, legitimate interest, contractual requirement etc.)
  • Who data will be passed on to, if that is applicable. It is no longer valid to say something like ‘our carefully selected partners’; it must be more specific
  • How data is protected if it is passed or stored outside the EU. If you plan to use the data in services such as MailChimp or a CRM you need to check where they store data. If it is outside of the EU, their privacy policy should say if it is covered by an agreement such as Privacy Shield
  • How long data is retained
  • How to exercise the right to have data erased, to withdraw consent, to lodge a complaint with a supervisory authority etc. This will probably be a generic email address. There could also be a ‘self service’ area on a website for individuals to maintain the personal data they have provided

The details need to be given using ‘clear and plain language’, especially if the details are collected from a child. The Information Commissioner’s Office (ICO) code of practice on communicating privacy information to individuals provides details about how this could be done. This is something to discuss with your website developer or event technology provider.

If you obtained the data indirectly, e.g. from a mailing list, you need to contact the individual with details about the source of the data and the categories of personal data you have ‘within a reasonable period after obtaining the personal data, but at the latest within one month’ (Article 14). If you are relying on consent as the legal basis for processing the data, you need to ensure that the source of the data provided evidence that they obtained the necessary consent before you contact the individuals. The issue of consent is for another blog after the ICO have issued the final version of their consent guidelines.

Is this level of transparency unreasonable? I would argue that it isn’t. If you cannot say why you are collecting data and what you will be doing with it when you collect it, you should not have it in the first place.


This post was brought to you by Ian Grey, an Information and Cyber Security consultant. Ian will be part of our panel discussion, on Thursday 25th May.

