With its heavy focus on digital activity, it’s easy to forget that GDPR also impacts real-world data collection. For most experiential marketers, this requires a new layer of consideration to ensure you’re compliant with GDPR mandates in the course of connecting with attendees and gathering their information.
GDPR compliance is mandatory for any business using personal information from EU citizens, even if those companies are not based in the Union themselves. Since it’s usually not feasible to include proof of citizenship as a component of operations, most companies in the US are choosing to renovate their entire data collection landscape to maintain compliance.
The GDPR consists of three primary spheres of responsibility, and your in-person marketing events should comply with each:
Here are six easy steps to ensure all data activities during your experiential marketing efforts are compliant with regulations:
Most marketing events will rely on the “consent” or “legitimate interests” provisions for collecting personal data, and in each case you must have a clear and defensible reason for why that category applies. Review your current data activities accordingly, and remove any type that can’t be easily defended under those requirements or isn’t strictly necessary for operations.
GDPR is technically retroactive, in that companies were supposed to spend the 2016-2018 transition period reviewing existing databases for compliance. If you haven’t already done so, now’s the time.
For most marketing organizations, that will require re-contacting everybody in those lists to receive updated consent, unless the original consent was obtained under conditions similar to GDPR consent requirements. If you’re unable to do so for any individual, you’ll need to erase all personal data you’ve collected and refrain from contacting them in the future.
For most event and experiential marketers the bulk of first-contact GDPR requirements can be handled by initial sign-up forms that include consent and data permission provisions. If you include similar provisions in proactive sign up situations like demonstration scheduling or panel queuing, then your contacts will already have done the hard work for you.
Unsubscribe links have long been a courtesy in emails, but they’re now a key tool for GDPR compliance. To ensure you’re meeting erasure regulations, make it easy for contacts to completely unsubscribe from your data activities with clear links to relevant portals in all targeted and first-contact material.
Before the new regulations, most marketers preferred to think of contact referrals as an implicit form of consent from the referred party. Post-GDPR, you can’t store or process any personal data from an individual who hasn’t actively consented, but you can still automatically notify those individuals that somebody has referred them to you.
If you use notifications as an opportunity to prompt those individuals to consent to further contact, you can then proceed as you normally would.
There are many benefits to experiential marketing and offline data capture—just be sure to remember that all data is relevant to GDPR requirements. That means a staffer accidentally dumping an armful of sign-up sheets across a conference hall floor is now technically a security breach, and you should adjust operations accordingly.
To stay safe, consider using technology to help ensure all your active data capture at events is GDPR compliant and secure.
