Data Protection at Events – During and after
If the invitation is met with interest, the participant will register for the event.
Here, too, there is a lot to consider in terms of data protection:
In addition to the name and email address, telephone numbers, payment information, travel information or information on allergies or physical limitations are often collected in the context of registrations for events.
It is therefore essential to observe the requirement of data minimisation according to Art. 5 para. 1 lit. c) GDPR.
This means that only personal data that is actually relevant for the event may be collected.
This is accompanied by the purpose limitation principle according to Art. 5 para. 1 lit. b) GDPR. This principle states that data may only be collected for the corresponding purpose, such as the organisation of the corresponding event.
First of all, during the event care should be taken to ensure that no guest list is openly visible. Name badges should only be handed out to persons identified beyond doubt.
According to Art. 13 and 14 of the GDPR, participants must also be informed about image and sound recordings at the venue.
After the event
After the end of the event, the collected data must usually be deleted, as the purpose for which it was needed has been achieved. In this context, it should be noted that the data is not used for advertising purposes without reason.
The organiser’s information obligations must also be observed. Participants must always be informed about the type and purpose of processing.