Is Your Exhibition & Event Data GDPR Compliant?

The General Data Protection Regulation (GDPR) supersedes the Data Protection Act, effective from 25th May 2018. GDPR gives data subjects more visibility of to how their information is collected, processed, stored and utilised making it illegal for businesses to market to data unless they can prove they’ve obtained clear and unambiguous consent or that there is a legitimate interest. This provides data subjects with peace of mind that their personal information won’t be used for anything they haven’t given permission for.


What is personal data?

Personal data is any data that is (or could be) associated with a specific data subject, so that’s names, age, job titles, etc. Sensitive data is considered also personal data, though relates more to a subject’s personal life, for example; sexual orientation; religious or political views, medical history, etc.

Collecting and handling personal data is part and parcel of an exhibition, though if you are scanning event passes, you may also be handling sensitive data such as dietary requirements or disabilities.


What does GDPR mean for events & exhibitions?

Don’t panic – being GDPR compliant will not limit your networking possibilities. The crux of GDPR is ensuring businesses make secure data handling a priority at all stages of the collecting and handling processes. As an exhibitor, you may well have used multiple methods of efficiently collecting data from event attendees, but efficiency isn’t key anymore – consent is, and exhibitors need to make sure they can prove that they have obtained it.

Under GDPR, explicit, informed consent must be obtained before collecting a person’s data. You must inform your data subjects how you’re going to use their information and how you’re going to communicate with them.


Clip recommends two ways to ensure your data collection at exhibitions and live events is GDPR compliant:


  1. Oral consent

The ICO advises that oral consent is a valid and unambiguous process for gaining consent and the exhibition and events world is a perfect example of when you can exercise this form of consent. However, it’s important that you’re able to prove consent was given at the time.

  1. Written consent

You could also adapt your data capture forms, or introduce a data capture form, to be compliant with GDPR. Using an iPad or tablet with a simple data capture app (you can get apps that feed directly into your CRM or marketing automation), is a very effective way of doing this.


How do you prove consent?

The ICO suggest a good record to prove consent will include:

  • Who consented: name of the individual
  • When they consented: In this instance a note of the oral consent
  • What they were told: a copy of the statement that was given to the person
  • How they consented: So this will either state ‘oral consent’ or a copy of the data capture form they completed
  • If consent has been withdrawn: and if so, when.


It’s important to follow these steps to support your GDPR compliant event data capture:

  1. Provide your team with a script. The script must detail how you will look after and use the subject’s data. We also recommend advising the data subject that they can view your full privacy policy on the website and that at any time they can update their data preferences. Or if you’re using a form fill, ensure there’s a link to the privacy policy.
  2. Document the script: If you’re using oral consent then you must keep a log of the script used at the event.
  3. Update your CRM or records management system to demonstrate which form of consent was used and ensuring that the relevant documents can be logged.
  4. Ensure that customers can request to update their data/ withdraw their consent at any time.


If you’d like help, guidance or support to become GDPR compliant at your next event, or even if you’d like help with lead capture to get the best from your event, please get in touch: