GDPR - A Quick Guide
Hopefully, now that the new data protection regulations are in full swing, you will have seen a noticeable reduction in identikit begging emails from companies asking you to “stay with us”. Whilst the reduction to our junk mail is one huge benefit to the introduction of the new GDPR, we mustn’t trivialise the importance of ensuring that we ourselves are complying with the new provisions. Unless you’ve been in hiding you will know that things are getting serious - fines are getting bigger and the power is returning to the people (or the ‘data subjects’ as they are referred to in the regulations).
GDPR represents the biggest change to UK and European privacy law in 20 years. When the Data Protection Act was passed back in 1998 the world of electronic data was, quite literally, another world. It was a world without Google, iPhones, Facebook, Twitter or Instagram. Amazon and eBay were relatively new start-ups, and the ‘cloud’ was something that left us wondering where our umbrellas were. When taking all of this into account it’s surprising that it has taken so long for this overhaul to come into effect.
So, what does this mean for production companies? As you will have seen, Pact have issued a very comprehensive and useful ‘Guidance on the General Data Protection Regulations’ document which is available via its website. In addition, it has updated the template Contributor Release Forms to ensure compliance with the new regulations. These documents, along with keeping up-to-date with other industry GDPR updates via the Pact website, are an excellent starting point for any indie on its journey to ensure compliance.
You will see from the Pact Guidance that some of the particular considerations to ensure compliance (and this is not meant as an exhaustive list) are:
- Reviewing your data processing activities and ensuring that you have a lawful basis for each processing activity;
- Updating your internal Date Protection Policy;
- Updating your external Privacy Policy;
- Reviewing and updating your template release forms packages along with other contracts such as Presenter Agreements, Writer Agreements, Access Agreements, Supplier Agreements etc.;
- Reviewing your security measures in relation to the processing of personal data and putting additional and appropriate security measures in place;
- Training staff to ensure they are aware of the new regulations, the impact this is having on your company, and the measures your company is taking to ensure compliance.
An important final point to remember is that data protection compliance is not a one-off procedure; it is an ongoing and evolving process – a journey. Ensure that you are aware of the GDPR and the DPA 2018 provisions and review their processes and policies on an ongoing basis to mitigate the risks of falling foul of data protection legislation.
The Cow Shed Media Services are available to review your template release forms and any other production related agreements. In addition, we can work with you to update your internal data protection policies and external Privacy Policies to ensure compliance with the new regulations. Please contact Laura via laura@thecowshedmedia.co.uk