.svg){kind=small}
Anyone who organises events inevitably comes into contact with personal data — from the event invitation and registration to the event check-in. The EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP) clearly define the obligations for event organisers. This article explains what responsibilities you have, which laws are relevant, and how to ensure data protection at events with confidence and ease.
With over 20 years of experience in the event industry, both as an organizer and in the development of digital technologies for events, Marc combines his extensive expertise with a Master's in Digital Business Management and a Bachelor's in Business Administration with a focus on Marketing.
Organisations that collect personal data through event invitations, registrations, and check-in are subject to data protection law — specifically the EU General Data Protection Regulation (GDPR) and, in Switzerland, the revised Data Protection Act (DSG). Event organisers are responsible for determining the purpose and means of data processing, while event software providers act as data processors. Key obligations include obtaining valid consent, limiting data collection to what is necessary, and deleting or anonymising attendee data after the event.
The data protection laws — the EU General Data Protection Regulation (GDPR) and the Swis Federal Act on Data Protection (FADP) — distinguish between controllers and processors.
In short: as the organiser, you bear the main responsibility. At the same time, you must ensure that your service providers operate in compliance with data protection regulations.
You may only process personal data if there is a legal basis for doing so. Typical scenarios at events include:
Consent: For example, for newsletters, photos or video recordings, or previously stored data from a customer relationship.
Contract: Such as ticket bookings or participation agreements.
Legal obligation: For instance, to meet official safety requirements
Legitimate interest: For example, to send information, control access, or optimise event planning. The legitimate interest applies as long as it does not override the interests of the participants.
In all cases, the guiding principle is that you should only process the data you truly need and solely for the purpose you have specified.
The GDPR (Article 5) and the Swiss FADP provide clear guidelines:
Transparency: Clearly inform your guests about how their data is processed.
Data minimisation: Collect only what is necessary – avoid unnecessary extra fields in the registration form.
Purpose limitation: Use data only for the purpose stated, not for later marketing activities without consent.
Security: Implement technical measures such as encryption and clearly define access rights.
Privacy by Design / Default: Configure access to your event management tools so that data protection is built in from the start, for example through restrictive access permissions.
When you involve external partners, clear rules are essential. With software providers or badge printing companies, you must conclude a data processing agreement (GDPR Article 28, FADP Article 9). This agreement specifies:
Particular attention is required when data are processed outside the EU or Switzerland. In such cases, you must ensure that an adequate level of data protection is in place and, if necessary, use standard contractual clauses.
Your guests have the right to know which data you store about them, how you use it, and to whom you disclose it. They can request access, have their data corrected, or request its deletion once the purpose no longer applies. Data portability (GDPR Article 20) is also included. These rights apply under both the GDPR and the Swiss Data Protection Act.
A few concrete measures can help you protect participant data reliably:
It is best to discuss data protection policies and measures with your organisation’s Data Protection Officer. Also, keep an emergency plan ready. In the event of a data breach, you must notify the supervisory authorities and affected individuals immediately in accordance with GDPR (Articles 33/34) and the Swiss FADP (Article 24).
Photos and videos without consent: Obtain clear consent during event registration and inform participants how the recordings will be used.
Data sharing with sponsors: Share data with sponsors only with the explicit consent of your guests and a clear contractual agreement.
Insecure tools: Choose providers like Oniva that comply with GDPR and the Swiss FADP, and that disclose their server locations and security measures.
Data protection is a mark of quality for professional events. By providing transparent information, limiting data collection to what is necessary, and using secure systems, you strengthen your guests’ trust in your event and organisation. With clear processes and the right tools, you can create an event experience that is not only enjoyable but also legally secure.
By the way, this link provides a template for a privacy notice for event registrations. Please ensure that you review this template with a data protection expert for your specific use case before publishing.
In principle, the organiser bears primary responsibility for data protection, as they determine the purposes and means of data processing. Service providers such as event software providers or badge printers are considered data processors and must be bound by contract accordingly (e.g. through data processing agreements).
Personal data may only be processed if there is a legal basis for doing so – such as consent, a contract, a legal obligation or a legitimate interest. The principle of data minimisation always applies: only data that is actually necessary for the specific purpose should be collected.
Key principles include transparency, purpose limitation, data minimisation and security. Participants must be clearly informed; data may only be used for the stated purpose; and technical and organisational safeguards, such as access restrictions and encryption, are mandatory.
Find out more about security and compliance with Oniva.
Discover exciting articles about creating unforgettable events.
.svg){kind=small}
