1. Types of Personal Data Collected When attending an exhibition, organizers may collect: Full name Email address Phone number Job title and company Geolocation data Preferences and interests (e.g., session choices) Badge scans and interactions during the event 2. Legal Basis for Data Processing Organizers must have a valid legal basis to collect and process personal data. Common bases include: Consent: Explicit permission from the attendee. Contract: Necessary for fulfilling event-related services. Legitimate Interest: For improving event experience or marketing, provided it doesn’t override attendee rights. 3. Transparency and Privacy Notices Attendees must be informed: What data is being collected Why it’s being collected How it will be used Who it will be shared with (e.g., sponsors or exhibitors) How long it will be retained What rights they have (access, correction, deletion, etc.) 4. Consent Management Consent must be freely given, specific, informed, and unambiguous. Attendees should be able to opt-in to marketing communications and opt-out at any time. Consent for sharing data with exhibitors must be separate and clearly explained. 5. Data Sharing with Exhibitors Sharing attendee data (e.g., contact lists) with exhibitors requires explicit consent. Badge scanning is often used as a compliant method for exhibitors to collect data directly from attendees. 6. Data Security Measures Organizers must: Store data securely Limit access to authorized personnel Protect against unauthorized access or breaches 7. International Considerations If attendees are from different jurisdictions (e.g., EU, UK, South Africa), organizers must comply with local data protection laws in addition to GDPR. 8. Attendee Rights Attendees have the right to: Access their data Correct inaccuracies Request deletion Withdraw consent Lodge complaints with data protection authorities