Bulletin 5: GDPR and Event Registration

IEEE Technical Activities Bulletin #5
Topic:  GDPR and Event Registration
Bulletin Type: Action
Audience: Conference Sponsors and Event Organizers
 
Version 5, 24 July 2018
 
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 
A component in complying with the European Union’s General Data Protection Regulation (GDPR) is ensuring IEEE can easily store, access, and erase the data and consent obtained.  For example, if a person complains or there is an investigation by authorities, IEEE must be able to prove what, when, and how consent was given in an event registration system. 
 
This applies to all types of events that are delivered by IEEE communities that capture attendee information. Some examples of the types of events include, but are not limited to: 
  • Award Ceremonies
  • Conferences 
  • Meetings
  • Receptions 
  • Retreats
  • Seminars 
  • Trade shows
  • Virtual events 
  • Webinars 
What do I need to keep in mind to comply with GDPR regarding event registration?
As an event organizer, you need to look at how data is collected, how consent is stored, and how to incorporate data security into the event planning and management processes. 
 
How can event organizers obtain attendee consent under GDPR? 
The following checklist should be used to ensure you’re following the guidelines for managing consent under GDPR: 
  • Unbundled: Consent questions must be separate from other specific conference policies.
  • Active Opt-In: Pre-checked boxes are no longer valid.
  • Specific: Provide options to allow individuals to consent to specific activities, communications, or processes, i.e. call for papers, call for reviewers, registration, conference details.
  • Keep Records: Maintain records of consent, how they gave consent, and when. 
What do I need to incorporate into the registration process?
All events will be required to incorporate pro-active consent to both the IEEE Privacy Policy and IEEE Event Terms and Conditions as part of the event registration process to capture and affirm active consent. Acceptance is mandatory as a condition of registration for an event and requires a specific format. To learn more about the format, contact gdpr-mce@ieee.org. As an example of the language, IEEE has prepared the following:  
 
gdpr language 
 
Where should these questions be placed during the registration process?
As a rule of thumb, place these questions on a stand-alone page allowing the attendee to focus on these questions as well as ensure they are not lost during the registration process. If possible, place them before the registrant enters any personally identifiable information. 
 
How can I learn more?
 
Please share this information with additional volunteers, contractors, temporary employees, interns, and consultants as needed.
 
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 
What’s Next? Bulletin #6 will focus on Handling Requests From Individuals Under GDPR