Online events, also known as virtual events, are the event format of the moment. Webinars, online seminars and after-work parties in online format have been booming since Corona made face-to-face meetings impossible. If the Corona regulations do allow it, hybrid events can also be held. In this event format, both guests at the venue and virtual visitors are present.

Above all, the aspect of interactivity is emphasized here and entertains the guests - present in analogue or digital form. With both event formats - online events and hybrid events - data protection must be considered from the outset to ensure that the events are safe (and) successful.

Virtual events and the GDPR

At the moment, many people are missing the chance to meet in person. However, online events do have their appeal: important meetings no longer have to be day-long events because there is no need to travel to and from the event. Event planners have also been quick to adapt and focus on virtual events. A study of event professionals conducted by Global Meeting Industry Day in mid-2020 clearly showed how much potential there is in digital formats: more than 60% of event organizers said they wanted to hold more hybrid events, even after Corona. Even international trade fairs are now being held online or in hybrid formats.

However, it is important to plan such formats well, not only for organizational reasons, but also to take data protection into account right from the start. The Internet forgets nothing - unfortunately, this applies not only to embarrassing videos, but also to possible data leaks that can quickly occur due to organizationally faulty preparation for online events. So smart planning in advance is a must here. We give you an overview of the absolute basic steps of every online event - whether purely virtual or hybrid.

Virtual events connect with a click - but here, too, the rules of the DSGVO must be observed.

Data protection and virtual events: The most important points

Virtual events offer many advantages - from reach and increased interaction to optimal evaluation of the data obtained. However, systematic preparation is required to ensure that the data required and collected is secure and can also be used on the marketing side afterwards. The most important points to remember here are:

Basic principles of the GDPR:

According to Art. 5 GDPR, one of the most important basic principles of the GDPR is the so-called data economy. This states that only those data may be collected that it really needs. Especially when collecting subscriber data, for example via contact form, you should keep this in mind. For example, it is usually irrelevant where the participants live. Basically, you don't even need a name - an e-mail address and possibly the company name are already sufficient for registration.


Personal data is collected during registration. These must be protected (principles of integrity and confidentiality according to Art. 5 DSGVO), which is why sufficient encryption of the website and data transmission is mandatory. Always follow the current standards here.

The used tool:

The event stands and falls with the video conferencing tool or online event tool used. Here it is essential to look for a tool that not only meets the technical requirements (such as the unlimited number of participants or streaming without a time limit), but above all also the data protection requirements. Here it is important to check whether personal data is processed via the tool (the answer is yes in 99% of cases, because the participants usually register by name / cell phone number or e-mail address and are present in image and / or sound) and where this data is stored or processed. As a rule, you need an order processing contract with the provider of the tool. If it is a non-European tool that also processes the data outside the EU, remember that the EU-U.S. Privacy Shield has been overturned and you must therefore agree additional contractual provisions with the tool provider.

Privacy Policy:

Which data is collected for which purposes and how is it processed? Which tools are used when and why? You must make all these questions available to participants in simple and understandable language with just one click - even before the event. The privacy policy must therefore always be kept up to date, depending on the tools used. If you also want to use the data for marketing purposes, then these purposes must also be explained in the privacy policy and the participants must be given the opportunity to object at any time. In addition, a so-called double opt-in is required in this case.

Double Opt-In:

In order to protect the interested parties from unwanted information, the use of data for further advertising purposes generally requires consent pursuant to Art. 6 (1) a) DSGVO and § 7 (2) and (3) UWGIn this case, a confirmation email must be sent after registration, which contains a confirmation link. Only when this link is confirmed is the data processing for advertising purposes lawful. Important: If interested parties register for the digital event but do not perform a double opt-in, the e-mail address may not be used for further advertising (see also Section 7 (2) Nos. 2 and 3 UWG).

Privacy of participant data:

Before, during and after the event, the data of the participants must be protected as best as possible by you as the person responsible. This means, for example, that no list of participants may be published unless they have given their express consent, that the names of those present may not be shown online unless they request it, or that no images or sound recordings may be made unless consent has been given in advance. In addition, you also need a concrete concept of how to proceed internally if a data protection breach occurs.


The latest developments in the event industry!
We keep you up to date with the latest developments in digital and analogue event trends. Register now and receive the 2022 State of Event Management Report!


These are the basic points that need to be taken into account for a digital event - whether hybrid or purely virtual. This checklist on the subject of data privacy at events provides you with further important points. If you have any doubts about a data protection measure to be taken, be sure to clarify them with your data protection officer, because the Internet is rarely forgiving of mistakes and the number of DSGVO fines rose rapidly in 2020 - despite Corona. Or precisely because of it.

  • 11 Tips to Make Your Virtual Event a Guaranteed Success

    • Virtual Events

    Virtual event: This does not have to be a boring webinar or a pixelated conference livestream. With a few good ideas and the right tools, it can become an event with real added value that will inspire your participants.

  • 2 Years GDPR - a Well-Intended Review

    • Tech & Tools

    Hardly any other EU regulation has affected German and European companies as profoundly as the GDPR. Whether a company or a start-up, organisations have been obliged to implement the rules for the protection of personal data since 25th May 2018."…"

Article by Kathrin Strauß
Originally coming from the photography & media sector, Kathrin now monitors all developments in the digital data protection world as a TÜV-certified data protection officer for and makes even difficult legal issues accessible.