Bulletin 5: Data Privacy and Event Registration

IEEE Technical Activities Bulletin #5

Topic: Data Privacy and Event Registration

Bulletin Type: Action

Audience: Conference Sponsors and Event Organizers

Version 6 - July 2021

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

To comply with the recent data privacy regulations, including the European Union’s General Data Protection Regulation (GDPR), IEEE should provide the ability to store, access, and erase personal data and remove consent if previously obtained. For example, IEEE must be able to prove what, when, and how consent was given in an event registration system.

This applies to all types of events that are delivered by IEEE communities that capture attendee information. Some examples of the types of events include, but are not limited to:

  • Award Ceremonies
  • Conferences
  • Meetings
  • Receptions
  • Retreats
  • Seminars
  • Trade shows
  • Virtual events
  • Webinars

What do I need to keep in mind to comply with data privacy regulations regarding event registration?

As an event organizer, you need to look at how data is collected, how consent is stored, and how to incorporate data security into the event planning and management processes.

How can event organizers obtain attendee consent?

The following checklist should be used to ensure you’re following the guidelines for managing consent under data privacy regulations:

  • Unbundled: Consent questions must be separate from other specific conference policies.
  • Active Opt-In: Pre-checked boxes are no longer valid.
  • Specific: Provide options to allow individuals to consent to specific activities, communications, or processes, e.g. call for papers, call for reviewers, registration, conference details.
  • Keep Records: Maintain records of consent, how they gave consent, and when.

What do I need to incorporate into the registration process?

All events will be required to incorporate pro-active consent to both the IEEE Privacy Policy and IEEE Event Terms and Conditions as part of the event registration process to capture and affirm active consent. To learn more about how to format these questions, contact gdpr-mce@ieee.org. As an example of the language, IEEE has prepared the following:

 

ieee policies

Where should these questions be placed during the registration process?

As a rule of thumb, place these questions on a stand-alone page allowing the attendee to focus on these questions as well as ensure they are not lost during the registration process. If possible, place them before the registrant enters any personally identifiable information.

How can I learn more?

The latest information on GDPR and other data privacy regulations can be found on the Technical Activities Data Privacy Resource Page or the IEEE Data Privacy page. Or, send an email to gdpr-mce@ieee.org.

Please share this information with additional volunteers, contractors, temporary employees, interns, and consultants as needed.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

[Download PDF]