Julia Manoukian


June 14, 2018

6 Ways to Make Your Brand Activations GDPR Compliant

Because GDPR focuses so heavily on digital activity, it’s easy to forget that it also impacts real-world data collection. For most experiential marketers, this requires a new layer of consideration to ensure you’re compliant with GDPR mandates in the course of connecting with attendees and gathering their information.

What Brands Need to Know About GDPR

GDPR compliance is mandatory for any business using personal information from EU citizens, even if those companies are not based in the Union themselves. Since it’s usually not feasible to include proof of citizenship as a component of operations, most companies in the US are choosing to renovate their entire data collection landscape to maintain compliance.

The GDPR consists of three primary spheres of responsibility, and your in-person marketing events should comply with each:

  • Data governance: Data systems should maintain privacy by design, and data breaches must be promptly disclosed, even when handled by third-party vendors
  • Data management: Data processing, transfer, and erasure should all comply with GDPR requirements
  • Data transparency: You must provide clear privacy policies to outline all data activities, gain active consent from all data owners before using their data, and provide easy access to that data in standard portable file formats

How to Stay GDPR Compliant

Here are six easy steps to ensure all data activities during your experiential marketing efforts are compliant with regulations:

Review Data Needs vs. Wants

Most marketing events will rely on the “consent” or “legitimate interests” provisions for collecting personal data, and in each case you must have a clear and defensible reason for why that category applies. Review your current data activities accordingly, and remove any type that can’t be easily defended under those requirements or isn’t strictly necessary for operations.

Review Existing Contacts

GDPR is technically retroactive, in that companies were supposed to spend the 2016-2018 transition period reviewing existing databases for compliance. If you haven’t already done so, now’s the time.

For most marketing organizations, that will require re-contacting everybody in those lists to receive updated consent, unless the original consent was obtained under conditions similar to GDPR consent requirements. If you’re unable to do so for any individual, you’ll need to erase all personal data you’ve collected and refrain from contacting them in the future.

Expand Proactive Sign Up Opportunities

For most event and experiential marketers, the bulk of first-contact GDPR requirements can be handled by initial sign-up forms that include consent and data permission provisions. If you include similar provisions in proactive sign-up situations like demonstration scheduling or panel queuing, then your contacts will already have done the hard work for you.

Make Unsubscribing Easy

Unsubscribe links have long been a courtesy in emails, but they’re now a key tool for GDPR compliance. To ensure you’re meeting erasure regulations, make it easy for contacts to completely unsubscribe from your data activities with clear links to relevant portals in all targeted and first-contact material.

Turn Referrals Into Notifications

Before the new regulations, most marketers preferred to think of contact referrals as an implicit form of consent from the referred party. Post-GDPR, you can’t store or process any personal data from an individual who hasn’t actively consented, but you can still automatically notify those individuals that somebody has referred them to you.

If you use notifications as an opportunity to prompt those individuals to consent to further contact, you can then proceed as you normally would.

Build a Data Depot for Events

There are many benefits to experiential marketing and offline data capture—just be sure to remember that all data is relevant to GDPR requirements. That means a staffer accidentally dumping an armful of sign-up sheets across a conference hall floor is now technically a security breach, and you should adjust operations accordingly.

To stay safe, consider using technology to help ensure all your active data capture at events is GDPR compliant and secure.
