Data Protection as an Enabler of Trust-Based Personalization
by Beke Alberring
mit der spannenden Frage, wie Events überraschen, begeistern und gleichzeitig DSGVO-konform gestaltet werden können
30s Take Aways
No time to read the whole article? Here are the key takeaways in 30 seconds:
Why is data protection so crucial at events?
Personalization at events requires data. Data protection ensures that this data is used in compliance with the GDPR and builds trust among participants.
What data may be collected during event registration?
Only personal data for which there is an appropriate legal basis for processing and which is necessary for a clearly defined purpose may be collected. Additional information - such as interests or expectations - should only be requested on a voluntary basis, in a transparent manner, and for a specific purpose.
What increases participants’ willingness to share data?
Clearly communicating the added value - such as a personalized agenda or content - increases acceptance among participants.
What are common mistakes when handling event data?
A missing or inappropriate legal basis, excessive data collection, an unclear purpose, a lack of information provided to participants, missing data deletion policies, and insufficiently regulated involvement of external service providers can damage trust and create legal risks.
What is the most important principle for successful event personalization?
Data privacy is not an obstacle, but rather the foundation for trust-based personalization and better event experiences.
Today, events are expected to be personal, relevant, and as surprising as possible - and that requires data. At the same time, the GDPR sets clear rules. At first glance, this might seem like a roadblock, but in reality, it’s more of a creative challenge. After all, when data minimization, transparency, and consent are carefully integrated into the planning process, personalization can be not only legally compliant but also a way to build trust - in this article, we’re less concerned with legal analysis than with practical insights from the world of events.
We spoke with our data protection coordinator, Manuela, to understand what constitutes good data protection and why it’s so important for participants’ event experience.
Editorial Team: What data is it actually permissible to collect during event registration? Of course, role, industry, and company are helpful for personalization, but interests and expectations are also valuable pieces of information that can be used to personalize content. Is it permissible to simply ask for this information?
Manuela: An important keyword in this context is PURPOSE LIMITATION.
There is basic data that is necessary to even send out invitations and communicate about the event: first and last name, email address, or role within the company. Requesting this information is uncontroversial.
Additional information that is not necessary for conducting the event should only be requested on a voluntary basis. If consent is required for this, it must be given voluntarily, in an informed manner, unambiguously, and for the specific purpose.
Especially when it comes to participation in the event’s content, thematic interests are, of course, also very useful. Here, it must be clearly explained what this data will be used for and what added value it brings to the participant. When collecting such information, you should focus on the essentials and collect data only as necessary for the specific purpose. In this case, more is not always better - asking for a zodiac sign, for example, does not really add value to the event experience. In other words: The more focused the request, the higher the acceptance rate.
Editorial Team: How can I ensure that the effort required for data protection doesn’t outweigh the added value of personalization? Are there standardized processes that can help? What are some tips for prioritizing these measures?
Manuela: At ottomisu, we have a guest management tool that really takes a lot of work off our hands because it includes many standardized processes and templates. Our tool, WelYou, offers many modules that can be linked as needed - for example, for basic fields, optional interest surveys, or other preferences. There’s always a certain amount of effort involved. But once a module and its function have been tested, you can reuse it over and over - which is a huge advantage, especially for event series. So data protection work can be seen as a long-term investment rather than a recurring task.
Editorial Team: What typical mistakes do you see when handling data at events or in everyday life? And how do we avoid such mistakes at ottomisu?
Manuela: You must always be able to explain the purpose for which the data is collected, where it is stored, and how long it is retained. It’s easy to forget that personal data may only be stored for as long as it is necessary for the specific purpose. After that, it must be deleted or - if statutory retention requirements prevent deletion - its processing must be restricted.
There must be valid disclosure requirements and a privacy policy. It’s also important to keep in mind that processing personal data on behalf of another party generally requires a contractual basis - that is, a data processing agreement (DPA).
Editorial Team: Where do you draw the line between relevant communication and an uneasy feeling - or the “How-do-they-know-that?” question - and what do participants absolutely need to understand in order to be willing to share their data?
Manuela: We briefly touched on the topic of transparency at the beginning. So it must always be clearly evident where participants can see the added value that comes with the collection of data. There must also always be a legal basis on which you can justify the data collection, but the participants’ feelings and understanding are almost even more important. Here, not only should everything be handled properly from a data protection perspective, but the design should also be planned so that the messaging is tailored in such a way that participants are highly motivated to provide optional information - because they’re offered substantive added value, and this is presented transparently. A message like “Select your interests here and we’ll create a personalized agenda for you” clearly shows what the data will be used for and what value it provides to the participant - in this case, participants are more likely to voluntarily provide this optional information than if it were simply requested as part of their contact details without any explanation.
The added value here cannot be emphasized enough. Phrases like “Save time - select your interests and get an agenda tailored to you, instead of painstakingly putting one together yourself” naturally address a pain point for many participants by focusing on time savings. Here, you should always think from the participants’ perspective and consider what they really need at the event and how we can support that with the appropriate data.
Editorial Team: How do I select tools without posing a data protection risk? For example, when it comes to event apps, matchmaking tools, or platforms.
Manuela: Before using a tool, you should verify what personal data is being processed, for what purposes this is done, the legal basis for the processing, who has access to the data, where it is stored, and how long it is retained. If external providers act as data processors, a data processing agreement (DPA) is generally required. Additionally, you should verify whether subprocessors are involved, what technical and organizational measures are in place, and whether data is transferred to third countries.
Editorial Team: How can data protection actually help participants feel more engaged? After all, data protection isn’t just what enables personalization - it also plays a major role in data collection.
Manuela: I believe that combining communication of the added value with technical implementation is key to obtaining even optional data from participants. An important factor here is the user experience: If I have to click 20 times to get a result, that’s clearly too much. Clarity and simplicity are crucial here to foster a sense of commitment to the content as well.
Editorial Team: What happens if we neglect data protection - both legally and in terms of how participants perceive it?
Manuela: There are, of course, several aspects to consider here: in addition to fines and reputational damage, you’ll naturally also lose the trust of customers and participants. If people already have an uneasy feeling about the data request during the invitation process, they’ll carry that feeling with them to the event and will then be unwilling to disclose data that would actually be valuable to the event. As a result, the event’s impact is diminished, mistrust grows, and the planned interaction may ultimately fail to materialize.
Editorial Team: When planning a personalized event for the first time - from a data protection perspective, what’s the most important thing I should get right from the start? Your top 3 tips:
Manuela: Keep the “purpose limitation” principle in mind (only collect what you really need), ensure transparency (explain the added value in a way that’s easy to understand), and act responsibly - in other words, don’t overthink it or ignore it, but implement it pragmatically and consider it an important part of the process from the very beginning (after all, data protection isn’t the opposite of personalization; it’s the prerequisite for it to work).
What we took away from our conversation with Manuela: Data protection and personalization aren’t mutually exclusive. On the contrary - handling data responsibly lays the groundwork for personalization to feel right in the first place. With this in mind, feel free to check out our article on personalization again and use our downloadable template to take your event to the next level of personalization.
