The General Data Protection Regulation (“GDPR”) is the EU’s new law that protects European citizens’ data. It came into effect on May 25, 2018 to protect EU residents’ individual rights to online privacy, even when they are outside the EU.
This regulation affects how companies of all kinds around the world collect and use EU customer data. If you’re curious about all the implications that come with this new law, we encourage you to read up on the GDPR legislation in detail.
Over the past few weeks, we at Uscreen have been working hard to make sure we comply with the new GDPR. The Uscreen team is also building tools to make sure Uscreen video on demand websites (VODs) are as GDPR-compliant as possible.
What the GDPR Means for Uscreen Store Owners and End Users
As a Uscreen video store owner, you may be wondering if you need to comply with this new regulation. There is a good chance that you need to comply, since the GDPR applies to any company involved in processing personal data of EU citizens, regardless of where the company itself is established.
From now on, as a rule of thumb, you will need to comply with the GDPR if you collect and store any EU residents’ personal data – that includes anything as simple as processing names and email addresses of customers signing up to your VOD service.
The GDPR’s main impact on Uscreen store owners and their end users has to do with:
- Processing data requests (“right to be forgotten” and “right of access”)
- Freely given consent to send information via email
- Handling data sent to third-party services (subprocessors)
While the Uscreen team is building tools to make your Uscreen VOD as GDPR-compliant as possible, the responsibility still lies with you as the VOD owner. That’s why we recommend, as we always have in the past, that you seek your own legal counsel to make sure everything is in order.
Tools Uscreen Is Building to Help Store Owners Comply
Here are some of the tools and processes that we’re working on to help make Uscreen VODs as GDPR-compliant as possible:
Easily Handle End User Data & Requests
VOD owners and publishers are responsible for handling End User data requests. Data requests can come in two forms:
- Right of access (data export)
- Right to be forgotten (data deletion)
You will be able to perform either of these actions for a particular End User by going into their profile via Customers > Edit for that specific customer and performing the action from there.
From this page, you will also be able to delete the End User and all of their data, which will remove all personally identifiable information from the Uscreen platform (End User name, email address, video activity, etc.).
GDPR-Friendly Consent Checkboxes When Collecting Email Addresses
Another change with the GDPR is that you may need explicit consent to email users that sign up to your VOD. The most straightforward way to handle this is to include a consent checkbox that the user must click in order to opt into receiving emails.
On Uscreen’s checkout pages, if you enable the terms and conditions setting (found in Settings under the General tab) by entering your own terms and services URL, a checkbox will automatically require the user’s consent to store and send them emails via the platform. This box appears by default only if you enter a terms and services URL on the Settings > General tab page.
Pass Unsubscribe Events to Third-Party Services via Zapier
Another major aspect of the GDPR that business owners need to consider is how subprocessors process user data. A subprocessor is a third-party data processor. A common example for VOD owners could be your email service provider, like MailChimp, ConvertKit, or Aweber.
To help manage the relationship between VOD End User data and third-party service providers, we’ll be passing unsubscribe events through Zapier. For example, you could set up a Zapier action so that when an End User unsubscribes from your VOD’s email updates, that End User will also be unsubscribed from your third-party email service providers such as Mailchimp or ConvertKit.
This way, your users won’t receive further emails from any source, and since it will happen automatically, there’s no hassle for you either.
More Info About How Uscreen Is Preparing
Uscreen processes a lot of data from all over the world and has always taken protecting this data very seriously. To keep up with the new GDPR standard, Uscreen is taking a number of actions to make sure it’s entirely compliant. Here are a few things we’re doing to keep our data safe:
Consulting Legal Counsel
Uscreen is reviewing its processes with legal consultants to make sure it’s compliant with GDPR.
Uscreen is preparing revisions to the following documents that will include disclosures required by the GDPR:
Erasing and Exporting Store Owner Data by Request
Another feature we’re in the process of implementing is a way for EU users to request an export of their personal data collected by Uscreen, as well as to request deletion of said data entirely. To initiate such a process, please contact us at email@example.com.
Additional Compliance Suggestions for Store Owners
DISCLAIMER: The following suggestions should not be considered legal advice from Uscreen for complying with the GDPR. This is a general explanation that covers the things we at Uscreen are doing to help VOD owners comply. Individual situations may vary. Please consult with an attorney or other legal professional if you’d like specific advice on complying with the GDPR rules.
Familiarize Yourself With the Requirements of the GDPR
Here are a few resources you may find useful:
- Online version of official regulation (gdpr-info.eu)
- GDPR Key Changes (GDPR.eu)
- Guide to the General Data Protection Regulation (GDPR) (ico.org.uk)
- General Data Protection Regulation (GDPR) FAQs for small organizations (ico.org.uk)
Review Your Subprocessors
Over the following weeks, we will be updating this article to reflect ongoing GDPR-related progress on our tools and processes. In the meantime, if you have GDPR-specific questions as a Uscreen VOD owner, please email firstname.lastname@example.org