On the top of everyone’s minds is GDPR. To help you hear through the noise, etouches complied some of the top questions we are hearing and giving you some guidance. Please always consult legal counsel before moving forward with anything related to GDPR.
Who does this regulation apply to? GDPR covers all EU citizens. For example, if someone from the EU is living in the United States but they still hold citizenship from their EU country then they fall under the GDPR law. On your registration forms, instead of asking for attendee’s address, ask for their citizenship.
How long should data be stored? There is no minimum or maximum amount of time for data to be stored: personal data processed shall not be kept for longer than is necessary for the original purpose. Be clear on your forms what they are signing up for – is it just to collect information for that event or will they also be added to marketing lists?
What is the best practice for collecting data? Whether using a scanner, smart badge or form, list somewhere what you will be doing with their information and send an automated email saying where this happened. This will be your first opt-in. It is best practice to have people “double opt-in”. This can be done with an email saying how you obtained their info and asking what marketing information they want to receive.
Anyone in your database before May 25th needs to re-opt-in to receive communication from you. Send an email explaining that you would like them to keep receiving content from you. Then direct them to a landing page to select what information they want to receive: event info, marketing, product updates, etc. Remember, always assume that people need to opt in not opt out!