Skip to main content
Visit Scotland | Alba

Data protection compliance

Within the events industry, we collect and manage a vast amount of data from attendees every year. Data is collected through a number of sources including registration forms, ticketing systems, social media, event apps, post-event surveys and so on. Event organisers rely greatly on the collection of personal data and this data is frequently used across different mediums for marketing and networking purposes.

It is essential that event organisers understand and comply with data protection legislation. Ignoring this legislation can result in reputational damage, criminal charges, and serious financial consequences.

What is data protection?

The UK Information Commissioner is responsible for enforcing the Data Protection Act 2018 and the General Data Protection Regulations (GDPR) for the United Kingdom. They have published a guide to Data Protection law.  

Important considerations for event organisers

  • Ensure any personal data you have is stored safety and securely
  • Ensure personal data is stored in an encrypted system and be mindful of who has access. Consider changing passwords on a regular basis
  • Ensure any personal data on-site at an event is stored securely
  • Individuals need to actively consent to their data being collected and stored
  • The purpose of data processing must be identified along with a clear description of how the data is used
  • Everyone in your organisation should be aware of data protection and how you work with personal data
  • Have adequate procedures in place to protect and safe-guard your data and ensure all your processes comply with data protection legislation
  • Check out the Information Commissioner’s Office Guide to Data Protection
  • Data protection can be a complex matter. If you need any clarification or guidance on next steps, please contact the ICO directly

Related links