Are You Down With The GDPR?


The General Data Protection Regulation is an EU law that comes into force on May 25, 2018. It is designed to protect the privacy rights of individuals in the European Union and give them greater control over the use and storage of their personal information. As a result, a greater burden rests on data collectors to ensure that their collection, storage, and use of personal information is transparent and designed for privacy protection. Any organization that collects or uses the personal information of individuals located within the EU is subject to this law, regardless of where that organization is located in the world. While this article contains information about the GDPR and how it might affect your business, it is not intended as and should not be used in place of legal advice. Consult an attorney for guidance specific to your business.


The short answer is that it will force us to be better at protecting the personal information we collect. What the GDPR mandates is actually a set of best practices that it benefits marketers to follow. At a basic level, it requires that you

  • Collect, store, and use personal information only insofar as it is compatible with your purpose for collecting it
  • Obtain active permission from recipients before you send marketing materials, and
  • Disclose and/or delete an individual’s personal information at their request.

When you consider the best ways to connect with and engage your target audience, it becomes clear that these practices are not only ways to protect the people in your database; they are also important ways to enhance the effectiveness of your marketing efforts. However, marketers who have relied on tactics like buying or scraping email lists and sending out spam emails will need to make dramatic shifts in their practices. The fact that protecting privacy and being clear and transparent about how and why you use personal information is good business is one reason marketers should embrace the changes that the GDPR requires. The other reason is that failing to do so can result in heavy penalties. Depending on the violation, a company can be fined up to the greater of €20 million (approximately $24.5 million) or 4% of the preceding year’s worldwide revenue. So, if your company collects data on individuals located in the EU, adopting procedures to ensure GDPR compliance isn’t an option; it’s a necessity.


Due to the wide range of personal information that may be collected in relation to a virtual event, organizers must be especially mindful of GDPR requirements. Consider all of the information you might obtain from attendees, such as names, employers, locations, job titles, and even notes about accommodations for disabilities. Virtual event organizers must ensure that all of this information is collected, used, and stored in compliance with the GDPR. To do this, it’s necessary to ensure that the platform you use is designed to:

  • Protect privacy
  • Use personal information only as necessary for a specific purpose, and
  • Require active consent before using personal information for the transmission of marketing materials (such as email marketing).

Because of the GDPR’s “Data protection by design and default” provision, it’s critical that any virtual event following the law’s effective date that involves the collection of data on persons located in the EU be hosted on a virtual event platform that has been built to comply with these requirements.

Want to keep reading? Complete the form below to get the full ebook.

Download the ebook

Fill out the form below to download your copy of this ebook now.