Have you notice the sudden change in personal data collection notices and/or policies on the websites or have received emails from many companies in relation to personal data privacy lately? There is a good reason for that, “GDPR.” No matter which industry you are in and the role you play, chances are in the past few years you have come across the term “GDPR.” It has been one of the biggest buzzwords for people or corporations who are either, a) belong to the European Union, or b) have dealings with people or corporations who belong to the European Union.
So what exactly is this “GDPR” and how does it effect film makers? I am going to deviate from most articles written for those who are in compliance and regulatory industry and instead focus on film makers and the film industry.
In simple terms, “GDPR” (General Data Protection Regulation) is the latest regulation regarding personal data privacy implemented by the European Union and came into effect since 25th May 2018. It established the standards and rules governing how companies handle the personal data collected. Non-compliance may result in penalties such as monetary fines. It is not only applicable to companies who are established or operates within the countries of the European Union, but also covers foreign companies who collects or holds personal data of any individual who is from a European Union country. To put it simply, if your company is of, or operating in, or offer goods/services or monitor the behavior of subjects, within any countries that are a member of the European Union, GDPR’s regulations would apply.
Under GDPR, any information related to a natural subject that can be used directly or indirectly to identify the person constitutes personal data and therefore regulated thereunder. Therefore, as a film maker, if you shoot, produce, finance, co-produce, co-finance a film with and/or in any European Union country, person, or company, it is almost certain that you will be required to comply with GDPR.
As a result, it is advisable for all film makers to look into GDPR and implement and/or change your policy and way of handling personal data in order to avoid potential issues that may arise out of GDPR. Alternatively, engage a personal data privacy consultant or a lawyer to make sure your current business is in compliance with GDPR.