Privacy and security go hand in hand — you can’t talk about one without the other. And these things have been grown more intertwined since the rise of the internet. For now, humanity is under privacy laws such as the EU’s GDPR and the US’s CCPA, and many countries have since introduced their own versions, including Thailand’s PDPA. These laws apply to all the industries that work with data, especially in the world of events where we have to work with large volumes of personal data.
Today, we will talk about what you need to know to ensure that your event complies with these laws. So you can host your event stress-free and be able to focus on other parts to deliver the best experience to your attendees.
• Write Clear Terms and Conditions
• Always Have the Cookie Consent
• Do Not Overshare the Data
• Give Your Attendees the Right to Delete
• Let’s Make Your Event Complies
Write Clear Terms and Conditions
Before launching your online registration page:
- Prepare clear and concise Terms and Conditions.
- Tell attendees what data you are collecting and why.
- Let attendees know how you will collect, keep, and use their information for the event.
There are various details that go into writing good Terms and Conditions, but the core principle is simple: tell your attendees that you will only use their data for the purposes stated. For example, you may collect names and email addresses solely to send event updates — not marketing newsletters unrelated to the event.
Tips: There are online services or AI that can generate Terms and Conditions automatically. If your event involves straightforward data collection, these tools can save you a significant amount of time. Or contact us to see our samples.
Always Have the Cookie Consent
Websites today are interactive, not just informational. To remember who you are across sessions, websites use cookies — and that’s where cookies come in. But you must obtain user consent before collecting them. Since GDPR came into effect, websites must ask visitors for permission to collect cookies for both functional and marketing purposes.
There are many tools that offer a free cookie consent banner. Some come with paid versions that include more customization options and an analytics dashboard.
Do Not Overshare the Data
Be careful when sharing data internally — passing information to unrelated departments is a violation of privacy regulations. The rules are simple: first, collect only the minimum data you need; second, share it only with those who genuinely need it.
What about external partners or sponsors? You can share data with them — but only if it is clearly stated in your Terms and Conditions (which is exactly why we recommend writing them thoroughly). A common approach is to include two checkboxes at the bottom of the registration form: one for accepting the event’s Terms and Conditions, and another for consenting to receive newsletters from event sponsors.
Give Your Attendees the Right to Delete
Under GDPR, users always have the right to unsubscribe or request deletion of the information they provided — including their full name, email address, phone number, and more. Your platform must therefore include a way for users to delete their account, whether that happens automatically or via a manual approval process.
Important: There is certain data you are required to retain, such as transaction records, payment details, and invoices — these are necessary for auditing and tax purposes. Make sure this is clearly explained in your Terms and Conditions.
Keeping Your Event GDPR-Compliant
Events are fundamentally about people. In the digital age, protecting their data is not optional — it’s a core responsibility. By incorporating these practices into your planning process, you can run your event with confidence and focus your energy on creating an extraordinary experience for every attendee.
Happenn provides a best-in-class event technology solution built to the highest security standards. All of our features — including online registration, on-site check-in, surveys, and mobile applications — operate in full compliance with GDPR and PDPA.
——-
If you want an all-in-one solution for your upcoming event, check out our Products page to learn more about us. Or contact us directly by filling out the form here.