As an event organizer, you spend a lot of time with data from visitors to your event. It is important to store this data as well as possible and to process and delete it correctly. Nowadays, privacy and the handling of data are important topics. That is why the European Commission has decided to introduce the General Data Protection Regulation (GDPR). The AVG is a privacy law that applies to the entire European Union; in Europe, the law is better known as the General Data Protection Regulation, or GDPR. This law ensures that individuals have more control over and insight into the way in which their personal data is processed.


The GDPR was created to enable citizens to view and change their personal data. In this way, the citizen gets a better grip on the data provided. For example, it was often not at all clear what data you left behind and what was subsequently done with it.

Many companies use personal data to create personalized advertisements or, for example, to sell your e-mail address to a third party. As a result, you suddenly found yourself on a mailing list that you had not subscribed to at all. The GDPR ensures that such matters are no longer legally allowed, giving you more control over what happens to your own data. Companies and therefore also events will have to deal better with the processing of personal data.

GDPR in the events sector

Basically, the GDPR for the events sector is quite simple: treat the sensitive data of others as you would like your own data to be treated. You wouldn't like it if your data were sold to a third party or suddenly published with your name and photo. To be more specific, we will take you through the GDPR before, during and after the event, so that your event will fully comply with European privacy legislation!

GDPR before the event

The registration form

You will request information from visitors for your event. It is common to use an online registration form on an event website for this. The data that is then entered by the visitor will have to be well protected. But how do you know whether the data is properly secured? Good data protection can be recognized by the ISO 27001 certificate. Companies with an ISO 27001 certificate meet strict requirements regarding the protection of data, including the personal data of visitors.

Now that your visitors' data is securely stored, it's time to think about the information you request. Which data is really indispensable for your event? Make sure you request only this and no unnecessary or nice-to-have information. Don't ask for more than is strictly necessary, and ask yourself the question: "Would I be willing to provide this information myself if an organization asked for it?" For example, it sometimes happens that you are presented with a registration form for an event with the following questions:

  • Salutation (Mr. or Mrs)
  • First name
  • Last name
  • Position
  • E-mail address
  • Company name
  • Company address details
  • Zip code + house number
  • Location
  • Country
  • Company size
  • Company turnover

Many of these questions are unnecessary and arouse suspicion among visitors. After all, what would the event do with the company size, the company's turnover, my position, and the address details of me and the company? To attend this event, it would have been enough to ask the following questions:

  • First name
  • Last name
  • E-mail address
  • Company name

In this way, the event organizer has more than enough information about the visitor. Would you like to ask for more information? Then ask yourself first whether you really need it for the organization of the event.


Since you have already received e-mail addresses from the registration form, you can inform the visitors by e-mail. But before you get there, you'll need to save the data somewhere. This is often done in an Excel file that is shared with colleagues, and sharing is often done via e-mail. This significantly increases the risk of a data breach.

This is because the mail provider receives a copy of the file you sent to your colleague. This file is stored on the mail provider's server: not only on the server of your own provider but also on the server of the recipient's provider. At first sight, this does not seem to be a problem. But do you know what the mail provider does with the Excel file?

To reduce the chance of a data breach, you can share the file in other ways, encrypt the e-mail or set the e-mail to self-destruct. And if you do receive an e-mail with sensitive information? Save the file with a password in a specific folder (a hacker will look in the Downloads folder first), delete the received e-mail message and empty the trash. If the trash is not emptied, the e-mail is still on the mail provider's server.

GDPR during the event

The guest list

You have applied everything about the GDPR in the preparation for your event, so now the event can start! The visitors are starting to trickle in, and at the access control there is a list with the names of all the visitors. The employees cross off the names and the visitors are inside. Did you spot the mistake? Right, the guest list is visible to all visitors. If someone takes a picture of the list, you are already dealing with a data breach.

It is therefore important to ensure that no one can get behind the registration desk and take a picture of the list. It is of course even easier to use event software, so that you do not need a physical list at all!


After the visitors have registered, they can take their own badges, which are laid out on a table in alphabetical order. But here, too, visitors can study the information of all the others. If a photo is taken of this, you have another data breach.

It is therefore wise to print out the badges when the visitor registers. The visitor immediately receives the badge and has nothing to do with the badges of other visitors.

In addition to handing out the badges themselves, it is also important to pay attention to what is written on the badges. Think carefully about which information you want to put on a badge and whether this is in conflict with the GDPR.


You may not think of it right away, but GDPR-compliant internet security is important. When many people are present at a location, there is a great chance that the mobile internet will no longer work properly, so your visitors, speakers and workshop supervisors will use WiFi. Unsecured WiFi (WiFi without a password) is often used for this. This is a gold mine for a hacker: a data leak can occur via the unsecured network. So always make sure that visitors and speakers can use secure WiFi. A lack of (good) internet security is a potential data leak.

After the event

Share footage

During the event, there will most likely be a photographer walking around to capture the event. To share the images, you will need permission from the visitors. You can ask for permission at the entrance of the event. For example, put up a sign that says: “Photos will be taken during this event for marketing purposes. If you object to this, please indicate this to the photographer”.

In this way, you have indicated that photos are being taken and that they can be shared, but the visitors do have the chance to indicate that they do not want this. If you do receive a message afterwards from a visitor who would rather not appear on your socials, simply remove the photo.

Delete data

Now that your event is complete, it's time to delete the attendee data. Keeping all contact details can only cause a data breach. Make sure that all e-mails containing contact details are deleted as well, and that the trash of your e-mail and your computer is emptied.

GDPR-compliant event registration software

As you can see, there are many factors that you need to take into account to organize a GDPR-compliant event. Do you want your visitors' data to be stored in accordance with the GDPR guidelines? Then Halito is a great partner for your event!

At Halito!, we highly value security and privacy. For example, we have obtained the ISO 27001 certificate. This makes it virtually impossible for hackers to access your data and that of your visitors. We ensure that only the right people can access the most important data, and you no longer need paper for access control. All data is securely stored online and is automatically updated, so you don't have to worry about visitor registration.

Want to know more? Then schedule a meeting with us!