Visit Scotland | Alba

Within the events industry, (personal) data is often collected from event attendees. You might do so through a number of sources including:

  • registration forms
  • ticketing systems
  • social media
  • event apps
  • post-event surveys

You might greatly rely on the collection of personal data, frequently using it across different mediums. For example, for marketing and networking purposes.

It is essential that event organisers understand and comply with data protection legislation. Ignoring this legislation can result in reputational damage, criminal charges, and financial consequences.

River Clyde and Glasgow skyline

What is data protection?

Personal data is information that relates to an identified or identifiable individual.

This could be as simple as a name or a number, or could include other identifiers such as an IP address, a cookie identifier, or other factors.

Is possible to identify an individual directly from the information you are processing? Then that information may be personal data.

Data protection is about ensuring that personal data is kept from third parties to whom an individual did not consent to share this data with.

There are two main laws that deal with data protection:

  • The Data Protection Act 2018

  • The General Data Protection Regulations (GDPR) for the United Kingdom

The UK Information Commissioner handles enforcing these laws.

Read more about ensuring data protection on ico.org.uk

How do I ensure I'm data protection compliant?

Data protection can be a complex matter. We put together some useful things to keep in mind, but please be mindful that this is not an exhaustive list.

Some important considerations for event organisers might be:

  • ensuring any personal data is stored safely and securely (in an encrypted system)
  • having a policy in place of who is allowed access to personal data changing passwords on a regular basis
  • ensuring any personal data on-site at an event is stored securely
  • identifying the legal basis you are using to collect and process the personal data and make sure this is recorded
  • identifying the minimum amount of personal data you need to fulfil your purpose and only hold that much information - no more
  • identifying the purpose of data processing and providing a clear description of how the data is used
  • raising awareness to everyone in your organisation of data protection and how you work with personal data
  • ensuring all your processes comply with data protection legislation

Browse more tips on data protection compliance on ico.org.uk

The information on this page does not constitute legal advice and is provided for general information purposes only. You should consult your professional adviser for legal or other advice.

Related links

Our privacy policy

Stay informed about the data we hold about you, the reason why we hold it, and how it will be processed.

Industry and Events Directorate

This directorate supports destinations, sectors and businesses to help develop a strong and dynamic tourism and events industry for Scotland.