Start Quiz
Test your knowledge on the latest data privacy regulation and its effects on all your events.
Event Marketing
Start Quiz
Is your event marketing GDPR-compliant?
One Clipboard, Inc. d/b/a Splash provides this quiz for informational purposes only and not as legal advice. Splash cannot determine whether or not the European Union’s General Data Protection Regulation (“GDPR”) applies to you or your organization, and following the compliance steps contained in this guide does not guarantee compliance with the GDPR. Splash is not a law firm, and the information in this guide is not a substitute for the advice of an attorney.
Legal Disclaimer:
Good? OK, let's do this!
Good? OK, let's do this!
Reminder: we're not lawyers...
Event marketers must have proactive consent from all event registrants (past, current, and future) who are EU data subjects. Their data must be freely accessible to them and any changes to their information should be updated on all systems.
What are the main area(s) where GDPR affects event marketing?
D. All of the above
C. Access: personal data must be freely accessible, including its recorded history.
B. Centralized Data Management: all personal data must be synced and updated across every system.
A. Consent: you must have proactive consent from event registrants in order to store and use their data.
Not quite! Try Again
Not quite! Try again
Not quite! Try Again
Not quite! Try Again
01 of 10
01
You got it!
01
GDPR defines personal data as any information related to an individual or “data subject” in the EU that can be used to directly or indirectly identify the individual. So if your attendee resides in the EU, but their data is processed and stored outside the EU, you still need to obtain consent. And just to be safe, consider proactively obtaining consent on all your RSVP forms.
Does GDPR apply to EU data subjects who go to an event outside the EU? (for example, if someone from France goes to an event in San Francisco, do you still have to capture consent?)
No
Yes
Not quite! Try Again
Not quite! Try Again
Not quite! Try again
Not quite! Try Again
You got it!
02 of 10
02
GDPR covers anybody in your database. So if you’re involved in online events that never actually set foot in the EU but EU data subjects are registering, it counts.
GDPR applies to online events too (for example, webinars).
True
False
Not quite! Try Again
You got it!
Not quite! Try again
03 of 10
03
Organizations within the EU and organizations outside the EU that offer services to or monitor EU citizens.
Which organizations are impacted by GDPR?
02
02
D. Both A and B
B. Organizations outside the EU that offer services to EU citizens
C. Every single organization around the world, regardless of personal data collected
A. Organizations only within the EU
Not quite! Try Again
Not quite! Try again
Not quite! Try Again
Not quite! Try Again
02 of 10
You got it!
Attendees that are EU residents
When it comes to events, whose personal data does GDPR affect?
03
03
Attendees that are EU residents
All attendees
Not quite! Try Again
Not quite! Try again
Not quite! Try Again
Not quite! Try Again
03 of 10
You got it!
Opt-in consent language on event RSVP forms must be freely given, specific and informed, and include a clear, affirmative action that is not pre-checked.
Under GDPR, opt-in consent on an RSVP form must be:
04
04
D. All of the above
B. Specific and informed
C. A clear affirmative action (not pre-checked)
A. Freely given
Not quite! Try Again
Not quite! Try again
Not quite! Try Again
Not quite! Try Again
04 of 10
04 of 10
You got it!
The form includes opt-in consent to processing, links to the company's privacy policy, and provides an additional consent option for EU data subjects.
This event form is compliant in capturing consent.
05
05
True
False
Not quite! Try Again
Not quite! Try again
Not quite! Try Again
Not quite! Try Again
05 of 10
You got it!
You do not need consent to send transactional emails if they are directly related to the service/product they opted in for, which in this case is your event.
Do you need to obtain consent when sending RSVP confirmations or ticket receipts?
06
06
No
Yes
Not quite! Try Again
Not quite! Try again
Not quite! Try Again
Not quite! Try Again
06 of 10
You got it!
GDPR requires that you provide EU data subjects three things: 1. Access to the data you have stored about them, 2. A written statement about how you're currently using their data, and 3. A plan for how you plan to use their data in the future.
What does GDPR require in terms of giving users access to their personal data?
07
07
D. All of the above
B. You need to provide a written statement for how you are currently using their data.
C. You must provide a written plan for how you intend to use someone's data in the future.
A. You must provide EU data subjects with free access to their data in a digital format.
Not quite! Try Again
Not quite! Try Again
Not quite! Try again
Not quite! Try Again
07 of 10
You got it!
Imagine that you're an exhibitor at a trade show and you're collecting personal data through badge scanning. Can you add these people to your database and market to them immediately?
Not quite! Try Again
Not quite! Try Again
Not quite! Try again
Not quite! Try Again
08 of 10
A. Yes, under Legitimate Interest you can contact individuals whose data you collected at a trade show.
C. No. You're not allowed to contact someone from a trade show, even if you're an exhibitor who scanned their badge.
B. Yes, as long as you explain your Legitimate Interest practices in your company's privacy information.
D. Both A and B
Under Legitimate Interest, you can contact anyone whose data you collected at a trade show booth, but you must outline your Legitimate Interest practices in your company's privacy policy.
You got it!
08
If a data subject from the EU requests the right to be forgotten, you must confirm that you've received their request, and then confirm again once their data has been erased from all of your systems of record. Under GDPR, you also have the option to anonymize their personal information in your systems of record, rather than erasing it completely.
If a data subject from the EU requests the right to be forgotten, what is not a compliant next step?
08
09
D. Erase their data, but market to them within the next 30 days.
B. Delete their contact and personal information in all your systems of record
C. Don’t erase their data, but anonymize their information in all your systems of record
A. Confirm receipt of their request and confirm again once their data has been erased (within 30 days)
Not quite! Try Again
Not quite! Try again
Not quite! Try Again
Not quite! Try Again
09 of 10
You got it!
You must get clear, proactive consent from registrants before sharing their information with any sponsors or partners. If you plan to share attendee lists with partners, ensure they are included in consent language from the start of your registration and attendee engagement campaigns.
After an event, you are free to share your attendees' data with future partners without getting explicit consent from those attendees.
10
10
True
False
Not quite! Try Again
Not quite! Try Again
Not quite! Try again
Not quite! Try Again
10 of 10
You got it!
Want another go?
You know your stuff.
Congratulations!
Want another go?
Want another go?
