European Union General Data Protection Regulation (GDPR)
GDPR means you will need to obtain consent to hold, use and share people's data. The law requires that you must
clearly explain how you will use people's data, and that they must provide "active" consent of use of personal
data.
With the new GDPR Guidelines, this requires organizations to obtain consent from individuals/attendees prior to
collecting personal data. Please see below:
Opt-in: Consent must be opt-in; implied consent or opt-out is no longer viable.
Unambiguous: Consent to use personal data must be "freely given, specific, informed, and unambiguous".
Clarity: Consent must be made in an intelligible and easily accessible form where legalese terms and
conditions are not acceptable.
Sharing: If personal data will be shared with third parties, it must be disclosed to the individual in
order to gain effective consent.
Withdrawn: Consent must be as easy to withdraw as it is to give.
More information about GDP Regulation: GDPR in the EU.