GDPR and Your Events

You no doubt will have heard about the new General Data Protection Regulations (GDPR) coming into effect on 25th May 2018.

We have spoken with numerous event organisers who are understandably confused about the new regulations. At Primo Events, we aim to be part of your team, and as such, are collating a number of guides and tools to help keep you right!

We will be following up with how we will be helping you, but to start, here is a quick overview about what GDPR means for your events:


You will need to go to greater lengths to hold, use and share peoples’ data. Crucially, passive acceptance through pre-ticket boxes or by failure to opt out will no longer be acceptable.

  • Be clear on what data you are capturing and have a reason why you are capturing it.
  • Make it clear who the data will be shared with – timers, event photographers, press, results.
  • Participants must actively opt in to any Marketing email lists. 

Holding Data Securely

You have a duty to protect the data you hold – this means that data should not be held on unsecured spreadsheets. Keeping your data within a system like Primo is ideal, as there are a range of security measures in place to protect your data. You should however, review and update the passwords on your account and check what users have access.

Your Participants’ Right to Access Data

Your participants have a right to view the information you hold about them, and if requested, you must provide them with an electronic copy of the information. You must be able to provide them with details of what the data is being used for and where it is stored. 

Your Participants’ Right to be Forgotten

Your participants also have the right to be forgotten and be deleted from your records.

Breach Notification

If a security breach occurs, which is likely to lead to “result in a risk to the rights and freedom of individuals” occurs, it is compulsory to notify both users and data authorities within 72 hours. 

Cleanse Your Data

Under the new guidelines, there is a requirement that all users re-opt into mailing lists and remove data which is no longer used.  You should unbundle permissions, so it details out all the ways the information will be used, for example, phone, email, post.


How We Can Help

While it may be easy for us to bury our heads in the sand around the new regulations, we should remember that it’s about treating people as individuals, protecting their data and their privacy. By managing this correctly, there is an opportunity to build stronger relationships with your participants.  Going forward, this can only have a positive effect on your events.

As part of our GDPR plan, we will be looking at some of the requirements in more detail and announcing some additional tools to help our clients stay compliant.

If you would like to discuss the regulations, please feel free to reach out to us!