When is an event registration system GDPR-compliant?

The GDPR has been in force since 2018 and still raises many questions among event organizers. Together with our Data Protection Officer, we have prepared this summary to answer the most important ones.

Below, we explain step by step when event management software can be considered GDPR-compliant, what obligations arise from the regulation, and how to fulfill them in practice.

1. What is GDPR?

The General Data Protection Regulation (GDPR) has been binding across the EU since 25 May 2018. It replaced previous national laws and unified data protection principles across all member states.

Key objectives:

2. Who is subject to GDPR?

GDPR applies to every organization processing the personal data of EU citizens — including entities outside the EU. This includes event agencies, conference organizers, and software providers.

Data Controller – determines the purpose and means of data processing (usually the event organizer).

Data Processor – processes data on behalf of the controller (e.g. CONREGO as a registration system provider).

3. Why GDPR compliance matters

Transparency and trust

Compliance with GDPR builds a professional image. Participants are more likely to share their data if they know it's processed securely and fairly.

Effective marketing

Separate consents are required for marketing or sharing data with third parties (e.g. sponsors). While this may reduce database size, it increases engagement. CONREGO helps filter recipients based on the exact consents given.

Financial penalties

Violations may result in fines up to €20 million or 4% of annual global turnover. In some cases, data processing may be restricted altogether by supervisory authorities.

4. GDPR compliance step by step

Participant consent

Consent must be:

CONREGO lets you configure custom clauses and automate actions like adding only consented users to mailing lists.

⚠️ Update 2024: CONREGO ensures compliance with new Google and Yahoo rules — mailing opt-out, SPF and DKIM headers, and filtering recipients without consent.

Right of access

Participants can request access to their data. CONREGO allows one-click export in PDF or XLS format.

Right to be forgotten

Participants can request deletion of their data. In CONREGO, this can be done from the admin panel, while keeping exceptions based on legal requirements.

Breach notification

If a data breach occurs, you have 72 hours to report it. CONREGO stores data on EU-based servers and monitors security incidents.

Data portability and interoperability

Participant data can be exported in formats compatible with CRMs, ERPs, and email platforms.

Privacy by design

Data protection must be integrated at all project stages. In CONREGO, access can be limited by user role and session expiry rules.

Automation and profiling

If you assign tags or score participants automatically, you must inform them. CONREGO enables automated but compliant segmentation.

Data Protection Officer (DPO)

If you process sensitive data (e.g. dietary needs) or manage more than 5000 records per year, you should appoint a DPO. At CONREGO, we have a DPO on board and conduct regular staff training.

5. Summary

GDPR compliance is not just about avoiding penalties — it’s about professionalism and trust. CONREGO supports you in fulfilling both your obligations as a controller and as a processor.

Tomasz Chrościechowski