In this article:
- Who is this information for?
- What you will learn in this section
- What is GDPR?
- What is PII?
- Why is GDPR Important?
- Business Confidential Information (BCI)
- GDPR the Gold Standard
- How we take care of PII & BCI
- Next Steps
Who is this information for?
This section is aimed at anyone involved in Digital Production, but everyone in Encore can use this page to help them understand data protection and GDPR.
If we follow best practices, we will be covered for the different data compliance schemes around the world.
What you will learn in this section
You will learn the key points about data protection and GDPR, why it is important to us, and how we keep people's personal information safe. You will also learn how we keep our business information, and our customers' business information, safe.
What is GDPR?
GDPR (General Data Protection Regulation) is a European Union (EU) law that determines how the information of EU citizens may be used and how it must be cared for. The information it protects is Personally Identifiable Information (often referred to as PII). This protection applies anywhere in the world that the PII is held or used, and GDPR lays out the rules for that use.
Even if you are processing data outside of the EU, you are still bound by GDPR.
What is PII?
Personal data, or PII (Personally Identifiable Information), means any information that, directly or indirectly, could identify a living person. Name, photo, phone number and address are examples of personal data. Interests, information about past purchases, health and online behaviour are also considered personal data, because they could identify a person.
Processing data means collecting, structuring, organizing, using, storing, sharing, disclosing, erasing and destroying data. Every organization that processes personal data (which is every organization with employees and customers) must ensure that the personal data it uses fulfils the requirements of GDPR.
Why is GDPR Important?
GDPR is important because we, as an organization, want to respect people's data. GDPR is also law and as such is enforceable, with potentially massive fines and huge damage to reputation. The potential fines for a breach of GDPR are huge: up to 4% of global turnover, which would be over $400 million in Encore's case.
Rules and governance bodies use the GDPR policies as best practice for data security, so even where GDPR might not be legally applicable, its principles and best practices are followed and applied to all personal data. This includes Encore.
Business Confidential Information (BCI)
When companies and organizations meet, they often do so to talk about their business. We see this information every day in presentations and rehearsals, so we might forget that this Business Confidential Information should be kept private and not be shared. It is their private intellectual property and could be worth millions of dollars. If we mishandle this data and it falls into the wrong hands, we can be fined directly by the regulatory bodies governing data security, and it could cause losses to an organization, which they may sue us for.
Think about the smiles on the lawyers' faces (not our lawyers, no smiles there) if we accidentally leaked a photo of the latest Nike trainer while we were taking pictures of the stage. I think we all have enough experience to recognize that the trainer should stay under wraps, but what about the latest garbage disposal design, worth millions? You might not recognize its importance.
GDPR the Gold Standard
If we follow best practices for complying with GDPR, then we will be in good shape for using and handling all data in compliance with many other laws around the world.
How we take care of PII & BCI
PII (Personally Identifiable Information)
We need to use PII only for legitimate reasons and with the permission of the individual person. We should keep the information only as long as the legitimate use requires, and then delete it. We should share the data only with the people who specifically need access to it (and with nobody else).
To help with this, we store data securely and move data securely. We also store PII in a way that lets us find it and delete it when the time comes.
Examples of permission: (more about this in the article Practical Data Handling in Encore)
- You can't take someone's Facebook profile picture and use it to promote a different event: you don't have a legitimate reason or specific permission.
- You can't take someone's Facebook profile picture and use it for an event at which they are presenting: you don't have specific permission.
- You can't use last year's photo for this year's event: you don't have specific permission for this specific event.
BCI (Business Confidential Information)
Business Confidential Information (BCI) is information that is confidential to an organization.
BCI may not always contain PII; however, it remains subject to data protection, and we are required to protect this information in the same way as PII.
We must use BCI only for the specific reasons we have been given access to it, only for as long as we legitimately need to, and share it only with the people who specifically need access to that information.
We must not store or archive BCI beyond the end of a project. That includes keeping copies of presentations or recordings for some other future need or anticipated project.
Clearly, we still have to take good care of BCI, both Encore’s and our customers’.
Next Steps
Learn about people who got it wrong and what it cost them. Learn about general data security and how we work with data securely at Encore in Digital Production. Learn about data security for specific products like Chime or Content1.