Bulletin 5: GDPR and Event Registration
IEEE Technical Activities Bulletin #5
Topic: GDPR and Event Registration
Bulletin Type: Action
Audience: Conference Sponsors and Event Organizers
Version 5, 24 July 2018
A component in complying with the European Union’s General Data Protection Regulation (GDPR) is ensuring IEEE can easily store, access, and erase the data and consent obtained. For example, if a person complains or there is an investigation by authorities, IEEE must be able to prove what, when, and how consent was given in an event registration system.
This applies to all types of events that are delivered by IEEE communities that capture attendee information. Some examples of the types of events include, but are not limited to:
- Award Ceremonies
- Trade shows
- Virtual events
What do I need to keep in mind to comply with GDPR regarding event registration?
As an event organizer, you need to look at how data is collected, how consent is stored, and how to incorporate data security into the event planning and management processes.
How can event organizers obtain attendee consent under GDPR?
The following checklist should be used to ensure you’re following the guidelines for managing consent under GDPR:
- Unbundled: Consent questions must be separate from other specific conference policies.
- Active Opt-In: Pre-checked boxes are no longer valid.
- Specific: Provide options to allow individuals to consent to specific activities, communications, or processes, i.e. call for papers, call for reviewers, registration, conference details.
- Keep Records: Maintain records of consent, how they gave consent, and when.
What do I need to incorporate into the registration process?
Where should these questions be placed during the registration process?
As a rule of thumb, place these questions on a stand-alone page allowing the attendee to focus on these questions as well as ensure they are not lost during the registration process. If possible, place them before the registrant enters any personally identifiable information.
How can I learn more?
Visit the Technical Activities GDPR Resource Page or the IEEE GDPR page or send an email to email@example.com.
Please share this information with additional volunteers, contractors, temporary employees, interns, and consultants as needed.
What’s Next? Bulletin #6 will focus on Handling Requests From Individuals Under GDPR