8 Replies Latest reply on Feb 19, 2019 4:21 PM by Michelle Tang

    EU GDPR Compliance for Physical Events

    Michelle Tang

      Hey Marketo Users!

       

      We have physical events in Europe this year such as Tradeshows, Happy Hours, Seminars, etc. What are your plans to getting opt in consent to send Marketing communications to these folks?

       

      For example, at a Tradeshow, are you sending an email to those who were scanned at the booth or do you plan on getting consent by signing a piece of paper at the event? Is it the Event vendor's responsibility to add in verbiage when they sign up for the event that they are opting in to booth sponsors marketing email comms? 

       

      Any recommendations or resources would be great!

        • Re: EU GDPR Compliance for Physical Events
          Loren Posendek

          Hey Michelle, thanks for starting this thread! Definitely interested to see everyones feedback and input. I'm no Legal expert, so these are just my opinions. My gut tells me that the event vendor would have verbiage about opting-in and/or opting-out in to receive emails from vendors. However, I wouldn't necessarily rely on that. I may send an opt-in email after the event list is imported + processed appropriately to gain consent.

           

          Some of the countries in the EU (looking at you, Germany) already require double opt-in for email consent, so it may be worth following these guidelines for most EU countries.

           

          The second component of GDPR is cookie consent, which is something that I think is very much a gray area right now as it relates to event list imports. We're still figuring this out with our Legal team.

           

          Hope that helps!

            • Re: EU GDPR Compliance for Physical Events
              Dan Stevens.

              To build on what Loren said - and I'll also start that I'm no legal expert, and suggest you work directly with your legal team on this - there's a key aspect of GDPR called "legitimate interest".  This is still a very gray area and up for interpretation.  For example, if you collected a bunch of business cards at your tradeshow booth and had an initial conversation with these folks, it may be OK to send them a follow-up email just after the event.  But that's it.  They haven't given you their consent for any longer term permission to market to them (unless they did as part of this follow-up email).  Here's more info around LI: Legitimate interests | ICO

              1 of 1 people found this helpful
            • Re: EU GDPR Compliance for Physical Events
              Matjaž Jaušovec

              We thought of exactly this challenge prior to attending the trade show in early February.

               

              We tried one idea and it worked out fairly well: for those who stopped by at our booth & showed interest, we had a  GDPR-compliant web registration form prepared and our representatives simply explained and asked them to fill it out on iPad and subscribe/give consent to marketing communication(s). We managed to capture a fair portion of visitors that way.

              • Re: EU GDPR Compliance for Physical Events
                Amy Connor

                We're making sure that each tradeshow is GDPR compliant before importing leads from booth scans.

                  • Re: EU GDPR Compliance for Physical Events
                    Dan Stevens.

                    Ensuring that they’re GDPR compliant (meaning they have processes in place to protect personal data) or only importing leads that have given their consent to be contacted by exhibitors at the event?  Two different things.

                      • Re: EU GDPR Compliance for Physical Events
                        Amy Connor

                        Sorry, I should have been clearer. We either make sure that each vendor's contract outlines clearly that they got consent to processing and direct marketing from each attendee, or we have them sign our DPA. If we can't get them to sign something to that effect, we put a little sign at our booth that explicitly states that they are opting in to processing and direct marketing when they badge scan. This was what was approved by our legal team.

                    • Re: EU GDPR Compliance for Physical Events
                      Elena S

                      Michelle Tang Did you end up adopting any particular solution for the events in Europe?

                      Something that I've heard of and found interesting is collecting an electronic signature along with scanning the badge, which at least would be some kind of proof of consent. I'm just trying to figure out whether it's possible to somehow automatically associate the signature with the email address without having the attendee re-enter their address manually, because that would be frustrating for them I guess. All the "perfectly legitimate" options seem too tedious from the UX perspective

                        • Re: EU GDPR Compliance for Physical Events
                          Michelle Tang

                          No we haven't unfortunately. Currently any events in EMEA we are working with Tradeshow vendors to ensure they have their consent before adding them into Marketo. From there, we have an opt in date and opt in source field that says it came from the event on X date and we will send a friendly follow up email with "Thank you for visiting booth. You will receive valuable information on XX." So at least they know upfront they will expect to get more emails from us in the future.