GDPR (The General Data Protection Regulation) is a data privacy and security law drafted and passed by the EU requiring organizations to safeguard personal data and protect the privacy rights of anyone living within the EU. The regulation is hailed as a progressive approach to the proper handling of people’s personal data.
What has the GDPR changed? The GDPR has ensured, among other things:
- strengthening and expanding privacy rights;
- more responsibilities for organizations;
- the same, strong powers for all European privacy regulators, such as the power to impose fines of up to 20 million euros.
Below are 2 ways in which being GDPR compliant might need to be more uniquely applied to your video content.
- Lead generation
If you are using your video as a way to create or onboard new customers, GDPR compliance must be applied in the same way as with any other lead generation. Integrating with your CRM or otherwise tracking your viewers, including analytics such as number of views or demographics, will require careful application of GDPR guidelines. The first step is to look at your video content and work out whether watching one of your videos would lead to any personal information being tracked or stored. This includes on the platform itself, or whether the video or ensuing actions (such as a sign up, buying access to videos, preference options, etc) are used to collect data.
Despite a few scaremongering myths going around, GDPR does not mean that you can no longer film in any public space for fear of capturing someone in the background. Whilst you do need to ensure that you have complete consent from everyone on camera (and that consent recorded in accordance with GDPR guidelines), you are still able to film crowds and groups of people as long as there is a notification somewhere that filming is taking place. This would mean that someone could get in contact with you if they want to be removed from the video or avoided.Where GDPR does become a little trickier is an individual’s right to have their data deleted upon request. It is certainly easier to delete information from a spreadsheet than delete a person’s identifying features from a fully produced video. Here, an element of GDPR called ‘legitimate interest’ is key. This means that a ‘real business interest’ is being pursued in the processing of a person’s data, and if this processing is absolutely necessary for the business and can be balanced against the rights and freedoms of data subjects, then you can continue to show a video of a person even if their consent is drawn. The best way to prepare for such a scenario is to ensure that all of the correct consent is collected at the very beginning, and in a way that is GDPR compliant.