16 July 2018
GDPR: What Does It Mean for the Media Industry?
In a contributed byline for GDPR: REPORT, Sergey Bludov, SVP of Media and Entertainment at DataArt, discusses seven key rules that companies in the media industry should follow to ensure compliance with GDPR.
GDPR is intended to ensure transparency between individuals and the companies that collect and manage their personal data. For example, organisations who collect user information via a website form, allowing users to access content or interact with other users only after they have created an account, must clearly communicate how the data will be used. If an organisation plans to track a person’s activity on its website, the user must provide consent.
The are many hidden pitfalls for media companies to avoid. Sales and marketing teams have to be very careful when initiating any campaign, from sending out newsletters and cold calling to displaying paid ads. IT departments must ensure a secure and reliable data storage environment and that the tools required for managing data by both company employees and by customers themselves are in place.
Media organisations must be careful to collect only data that is required for the task at hand, as any information that is determined to be unnecessary violates GDPR stipulations.
Furthermore, if a company wants to share personal data with another organisation in any manner, they must first acquire consent from the individual.
All data collected must be stored in accordance with the provisions of the regulations, which state that companies must use “appropriate technical and organisational security measures” to protect personal data against unauthorised processing and accidental loss, disclosure, access, destruction, or alteration. To meet these requirements, data encryption or segregation from other information may be necessary.