How GDPR effects video production and marketing

The General Data Protection Regulation (GDPR) has been hitting the headlines for years, but in May 2018 the two year post-adoption grace period was finished. The law is now fully enforced, making it an essential piece of legislation for organizations over the world to understand and implement.

GDPR impacts a number of obvious areas: email lists, customer databases, website cookies, credit card information.

But there is one area that needs the same level of consideration: video content.

We’ve all heard the acronym GDPR thrown around and have by now (hopefully) taken steps to make sure our organizations are compliant. GDPR (known as AVG or Algemene Verordening Gegevensbescherming in the Netherlands) is the regulation of any sort of data that websites of businesses, brands, organizations – anyone on the internet – collect. 

That data might be from a person signing up for an email subscription, an online customer buying products, someone browsing an organization’s website, or otherwise interacting with brands, advertising or other online media. Such as a person buying access to watch a video online.

No matter how big or small the data is, this new legislation is an all-encompassing piece of privacy regulation, and being GDPR/AVG compliant now that the grace period is over is vital.

There are 7 principles which GDPR is built around:

GDPR was created to ensure trust between those whose data is collected whilst they move through the internet, and those that collect said data. The new regulation enforces that trust and holds businesses to previously unseen high standards. The word ‘consent’ is key in complying with GDPR: businesses must make sure that any data collected is done so after explicit consent from individuals. 

With these concepts in mind, how does GDPR law affect filming and video production in terms of creating content, and distributing this content to consumers? 

Video marketing is like any other kind of marketing, and GDPR technicalities apply here just as strongly.

But below are 2 ways in which being GDPR compliant might need to be more uniquely applied to your video content.

1. Lead generation

   If you are using your video as a way to create or onboard new customers, GDPR compliance must be applied in the same way as with any other lead generation. Integrating with your CRM or otherwise tracking your viewers, including analytics such as number of views or demographics, will require careful application of GDPR guidelines.

   The first step is to look at your video content and work out whether watching one of your videos would lead to any personal information being tracked or stored. This includes on the platform itself, or whether the video or ensuing actions (such as a sign up, buying access to videos, preference options, etc) are used to collect data.

2. Filming

   Despite a few scaremongering myths going around, GDPR does not mean that you can no longer film in any public space for fear of capturing someone in the background. Whilst you do need to ensure that you have complete consent from everyone on camera (and that consent recorded in accordance with GDPR guidelines), you are still able to film crowds and groups of people as long as there is a notification somewhere that filming is taking place. This would mean that someone could get in contact with you if they want to be removed from the video or avoided.

   Where GDPR does become a little trickier is an individual’s right to have their data deleted upon request. It is certainly easier to delete information from a spreadsheet than delete a person’s identifying features from a fully produced video. Here, an element of GDPR called ‘legitimate interest’ is key. This means that a ‘real business interest’ is being pursued in the processing of a person’s data, and if this processing is absolutely necessary for the business and can be balanced against the rights and freedoms of data subjects, then you can continue to show a video of a person even if their consent is drawn. The best way to prepare for such a scenario is to ensure that all of the correct consent is collected at the very beginning, and in a way that is GDPR compliant.

Whilst it may seem like the simplest solution is to have your videos hosted somewhere GDPR compliant, the obvious candidates are not necessarily the best option. Why? Data Processing Agreements. These agreements exist to ensure that the data processor (in this case the video host) is processing data correctly within current rules and regulations. These sorts of contracts were around before GDPR, but it is especially important to seek these out if you are going to be hosting your videos on any kind of platform.

It is not currently possible to sign Data Processing Agreements with either YouTube or Vimeo. With unique video platforms offered by organizations such as VIXY, these Data Processing Agreements are possible.

If all of the above sounded like a headache, then you wouldn’t be the first to think that. Now that the grace period is over many organizations are discovering new bumps in the road to being fully GDPR compliant.

As mentioned before when it comes to GDPR there are inherent pitfalls in hosting your video content marketing on free websites such as Vimeo or YouTube. Add that to other downfalls – a lack of personalisation, ownership, security, uniqueness and control over your organization’s content – and the solution of a personalized online video platform for your business becomes the best option.

VIXY offers organizations a chance to professionally manage, publish and analyze their video content. As well as making sure your video content is being created, hosted and promoted in the best ways for your business, VIXY can offer peace of mind. With a centralized video platform it is easier to see what a customer’s journey is through your video content marketing strategy, and even clearer to see what data you are collecting. VIXY is a great way to help cure the GDPR headache and at the same time enhance your video content in the way it deserves.