Consent for booking in other people under GDPR


I run an event where people tend to book in groups, or families. Therefore on a booking a parent could register tickets for themselves and their children (under and over 16 of course).

Other bookings could be a group of friends where one person is booking 5 people in. How does this work for GDPR as I assume they can’t give consent for the others. Some of the details we require for registration are persona such as DOB, dietary requirements etc…

From what I can understand from GDPR, if we gather data from any source other than the individual themselves we have a responsibility to contact that individual, inform them of the data we have obtained and give them a copy of our privacy notice.


That’s a very good question Justyn. It will need to be addressed by a lot of B2B marketing teams too if they usually include registration/booking options to invite a colleague/refer a colleague. I’m going to ask a couple of contacts for their thoughts on this. I also wonder if our @Corporate and @SEC have any advice on this?

1 Like

Thanks for being willing to investigate this.

1 Like

No worries. I’m guessing you would need to build in some kind of verification into your booking system so the additional people can give you the permission you require or you just can’t run with group bookings if individual visitor details are required. Will check it out!

Could your system just gather the atendee’s email and send them a token which they would have to register themselves?

This would speed up the purchase process and get them the consent directly.

Another way I can think of is if you gather this info as a collective. This way, instead of tying the DOB, Dietary Requirements and other data to a specific individual that data would be tied to the group. You would still be able to gather the same data to brief the catering company etc and, for marketing purposes, I guess you can still send them an email with info about the event and ask them to opt-in for further communication.

P.S.: This isn’t legal advice, just some ideas.

1 Like

This is what is says in easyJet’s privacy policy:

“If you book a flight on behalf of someone else, you must have their consent to use their personal information.”

1 Like

Yeah I think that in these kind of cases, if someone is booking on your behalf you are giving them consent to use their personal information. Don’t quote me though!


As a private individual would you technically have to have written permission from the person you were booking for/registering?