Skip navigation

New Privacy Regulations for Event Data Coming in 2023

If the way you handle attendees’ information doesn’t meet the EU’s GDPR standards, it may not meet some U.S. state’s standards being enacted in 2023.

It’s been about five years since the European Union’s General Data Protection Regulation, or GDPR, went into effect, putting strict rules in place for collecting, storing, and processing data on EU citizens.

At that time, many U.S. meeting professionals changed their data practices if there was any chance an EU citizen would be among their attendees. For those who didn’t update their practices, however, the time has come.

That was the message from Jill Blood, vice president, deputy general counsel at Maritz Global Events during a December 14 meeting trends webinar, hosted by MeetingsNet and led by Blood and her Maritz colleagues Steve O'Malley, enterprise vice president and COO, and Greg Bogue, enterprise vice president, brand, experience, and innovation ecosystems.

Blood reviewed the history of the EU’s GDPR as well as California’s effort in 2018 to enact its own data-protection regulation. Looking ahead, she said, there’s a clear trend toward protecting personal information in the U.S., with new state regulations effective as of January 1 in Virginia; July 1 in Colorado, Connecticut, and California (expanded from 2018); and December 1 in Utah.

“2018 was when the privacy concept really hit the U.S.,” Blood said. “California is obviously a huge state with a lot of people. So, for companies that somehow escaped GDPR, that meant they really needed to focus on privacy. I don't think anybody thought that was the end of it, and now here we are with five new states coming online with privacy laws. It's really spreading.”

RELATED: The Meeting Professional’s Guide to GDPR

The good news is that the new laws have a lot of commonalities with GDPR and California’s data protections. The simplest and perhaps fairest approach, says Blood, is to use the strictest regulation as your guideline, and don’t try to apply one privacy standard to attendees from Virginia and another to those from Texas, for example.

For meeting planners, Blood reviewed five concepts at the heart of data privacy:

Data minimization: Reduce the amount of attendee data you store, and make sure you don’t keep it longer than you need.
Security: Ensure that data is stored safely.
Notice: Tell attendees how their information will be used and shared.
Consumer rights: Give attendees control over how their information is used and shared.

Contractual requirements: Set expectations through contracts about suppliers’ obligations around personal information.

Watch the full webinar on demand for more details from Blood around data privacy requirements, as well as presentations from Steve O’Malley and Greg Bogue on attendee expectations, inflation, and other trending issues.

From Steve O'Malley: “We have to think differently because our guests are thinking differently. People have been shaped by this pandemic, and now they want much more of a sense of purpose and autonomy, much more flexibility and downtime, and more ability to do things on their own terms. That has big implications for us as designers of events, and we need to take that into account.”


Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.