Assessing The Impact Of GDPR On The Meetings Industry

by | May 22, 2019 | Blog

The EU General Data Protection Regulation (GDPR) on data protection has now been in force for almost a year. It has had a direct impact on the meetings industry across Europe and beyond. As a professional conference organiser with a focus on compliance, at Congrex Switzerland, we started taking steps towards GDPR implementation before May 2018.

Our efforts focused on building GDPR requirements into our operational practices and technical applications. This has been a broad-ranging endeavour with implications for every organisational department, from IT to Housing and including Marketing and Meeting Planning. In this article, we outline the impact of GDPR and how we have handled the new requirements, hoping that this serves as a useful guideline to other professionals in the meetings industry.

GDPR & IT In The Meetings Industry

As a conference organiser, Congrex is a data owner, a controller, and a data processor. This means we need to comply with different requirements and have a number of obligations that need to be compatible across our different roles. This requires taking a comprehensive approach to enforcing GDPR in all our IT operations. After auditing our data protection policy, we classified our course of action into two distinct areas:


  • Replacing suppliers and services that were not GDPR compliant.
  • Consulting our clients as part of our needs analysis process.
  • Signed all necessary data processing contracts, ensuring all rights and duties were clearly stipulated.


  • Designated an internal DPO (data protection officer) with legal expertise, as required by Articles 37 and 39 of GDPR. The DPO’s primary role is to monitor all practices related to data protection so we can revise them on an as-needed ongoing basis.
  • Modified some of our software to ensure it was in line with GDPR concerning the rights of data subjects.
  • Applied greater scrutiny to any IT-related operations that involved processing or transferring personal data.
  • Trained all internal staff to create a culture of data protection awareness.

GDPR & Meeting Planning

GDPR’s impact is somewhat limited in this department. The main change involves the event enrolment process. In addition, we have modified our forms and no longer ask delegates for specific personal data.

GDPR & Housing

The changes here have been substantial, as GDPR requires data encryption and the set up of individual access systems when dealing with personal information. This means we’ve had to redesign our communications with hotels and other travel service providers.

For example, credit card data are now sent to service providers via a secure link or over the cloud instead of over plain e-mail. The same applies to delegate lists that are routinely sent to hotels, which are now password-protected and sent over the cloud. Moreover, third-party room reservations are now available via a secure system, which includes individual log-in credentials for each delegate.

GDPR & Registration Services

Following GDPR implementation, our registration department no longer collects delegates’ data. These include an address, marital status, e-mail, and others. Previously, this type of data was passed on to our clients at their request, usually after a meeting was over for follow-up purposes.

On the one hand, this reduces the volume of work for our department. But on the other, it incurs additional costs and effort. For example, signs must be set up at the venue to make delegates aware of opt-out possibilities. We also need to get very granular, specifying what data we’re collecting and for which purposes.


Overall, GDPR has been a positive addition to our operations, making them more robust and reliable. It has also brought value to our clients, who now have full control over their personal data. However, we’re facing new challenges as a result of these regulations. Many suppliers and clients aren’t aware of the full scope of GDPR. So data collection and handling are now longer processes as we need to explain the changes. At the same time, GDPR compliance is labour intensive. It has added 1-2 additional steps to the workflow of most departments. Looking ahead, our main priorities are raising GDPR awareness among all parties involved, and streamlining further our operations while keeping GDPR principles at the core of what we do.

More Articles

Many people ask the question, what is a PCO? Basically, PCO is just an acronym for Professional Conference Organiser. This is a company that mainly specialises in the planning of conferences, events and meetings. It is about conferences and events management which serve as their core business activity, not for a secondary service. Because of […]

Have you ever tried to organise a conference? How about attending an international conference? If yes, then you might have an idea of how the conference was successfully held by its organisers. You might even have seen how everything works well in every single detail in delivering the main goal of the conference during that […]

Booking conference accommodation in a foreign country can be problematic; there are language barriers, different cultural aspects, currency issues, as well as varying rules and regulations which can become stumbling blocks in the event organisation process. So how do you ensure you book the right hotels, at the right price with the right conditions, in […]

Want to be updated regularly?
Subscribe to our newsletter.

You have Successfully Subscribed!

Pin It on Pinterest