Assessing The Impact Of GDPR On The Meetings Industry

von | Mai 22, 2019 | Blog

The EU General Data Protection Regulation (GDPR) on data protection has now been in force for almost a year. It has had a direct impact on the meetings industry across Europe and beyond. As a professional conference organiser with a focus on compliance, at Congrex Switzerland, we started taking steps towards GDPR implementation before May 2018.

Our efforts focused on building GDPR requirements into our operational practices and technical applications. This has been a broad-ranging endeavour with implications for every organisational department, from IT to Housing and including Marketing and Meeting Planning. In this article, we outline the impact of GDPR and how we have handled the new requirements, hoping that this serves as a useful guideline to other professionals in the meetings industry.

GDPR & IT In The Meetings Industry

As a conference organiser, Congrex is a data owner, a controller, and a data processor. This means we need to comply with different requirements and have a number of obligations that need to be compatible across our different roles. This requires taking a comprehensive approach to enforcing GDPR in all our IT operations. After auditing our data protection policy, we classified our course of action into two distinct areas:


  • Replacing suppliers and services that were not GDPR compliant.
  • Consulting our clients as part of our needs analysis process.
  • Signed all necessary data processing contracts, ensuring all rights and duties were clearly stipulated.


  • Designated an internal DPO (data protection officer) with legal expertise, as required by Articles 37 and 39 of GDPR. The DPO’s primary role is to monitor all practices related to data protection so we can revise them on an as-needed ongoing basis.
  • Modified some of our software to ensure it was in line with GDPR concerning the rights of data subjects.
  • Applied greater scrutiny to any IT-related operations that involved processing or transferring personal data.
  • Trained all internal staff to create a culture of data protection awareness.

GDPR & Meeting Planning

GDPR’s impact is somewhat limited in this department. The main change involves the event enrolment process. In addition, we have modified our forms and no longer ask delegates for specific personal data.

GDPR & Housing

The changes here have been substantial, as GDPR requires data encryption and the set up of individual access systems when dealing with personal information. This means we’ve had to redesign our communications with hotels and other travel service providers.

For example, credit card data are now sent to service providers via a secure link or over the cloud instead of over plain e-mail. The same applies to delegate lists that are routinely sent to hotels, which are now password-protected and sent over the cloud. Moreover, third-party room reservations are now available via a secure system, which includes individual log-in credentials for each delegate.

GDPR & Registration Services

Following GDPR implementation, our registration department no longer collects delegates’ data. These include an address, marital status, e-mail, and others. Previously, this type of data was passed on to our clients at their request, usually after a meeting was over for follow-up purposes.

On the one hand, this reduces the volume of work for our department. But on the other, it incurs additional costs and effort. For example, signs must be set up at the venue to make delegates aware of opt-out possibilities. We also need to get very granular, specifying what data we’re collecting and for which purposes.


Overall, GDPR has been a positive addition to our operations, making them more robust and reliable. It has also brought value to our clients, who now have full control over their personal data. However, we’re facing new challenges as a result of these regulations. Many suppliers and clients aren’t aware of the full scope of GDPR. So data collection and handling are now longer processes as we need to explain the changes. At the same time, GDPR compliance is labour intensive. It has added 1-2 additional steps to the workflow of most departments. Looking ahead, our main priorities are raising GDPR awareness among all parties involved, and streamlining further our operations while keeping GDPR principles at the core of what we do.

Mehr News

Hosting virtual conferences is on the rise. The current restrictions imposed on travel and mass gatherings have placed most meeting planners in a tight spot. Some planners were able to reschedule their conferences, but many events had to be cancelled completely. If we can find a positive aspect this is that organisers can still bring […]

Effective Team Building Among Remote Workers. Remote working is surging in popularity amidst the restricted movements. Working from home has its perks like increased focus and better performance. However, most of the employees work in isolation and fail to build trust and rapport with their colleagues. In a traditional office, workers spend over 40 hours […]

Is it possible to achieve engagement in virtual events? With the current travel restrictions and limited in-person interactions, virtual and hybrid events are on the rise. Even though nothing beats attending a physical trade show and networking with attendees, one can achieve a similar experience in an online event. However, keeping an online audience engaged […]

Want to be updated regularly?
Subscribe to our newsletter.

You have Successfully Subscribed!

Pin It on Pinterest