GDPR-consent – included in Dramatify
If your production company resides within the European Union, or employ any citizen of the EU, your production needs to be compliant with the European General Data Protection Regulation concerning personal data. The Dramatify platform is fully compliant and can save you a lot of work!
What does GDPR mean for you?
The GDPR legislation is vast and can feel confusing, but for companies, it boils down to ten points:
- Know what personal data you have, and why you have it
- Manage the data in a structured way
- Know who is responsible for it
- Encrypt what you wouldn’t want to be disclosed and design a security-aware culture
- Understand that GDPR is not “an internet thing” but cover ALL personal data that your company files in an organised manner
- Have recorded consent to handle personal data
- Be transparent about how you manage personal data
- Know that the individual has the right to their personal data
- Be prepared to show an individual all the data you have on them upon request
- Be prepared – expect the best but prepare for the worst
What is personal data?
According to GDPR, “personal data” is any information that can identify someone, from a name, an identification number, location number, an online identifier. Included is also information like IP addresses and mobile device IDs, and personal information that has been encrypted. “Sensitive personal data” includes data like bank account numbers and health information.
Consent to handle personal information – built into Dramatify
In a production, you normally handle a lot of this information since you need contact information to crew and cast, preferably a picture of the person, gender and nationality, food preferences and allergies, work schedules, In Case of Emergency contacts etc. If you handle it with Dramatify, each person you invite to participate in your production on the Dramatify platform needs to consent, which means you can be sure everyone on your team has signed the consent. Here is a sample of the consent text.
The difference between personal and production data
In Dramatify, we have separated personal data from production data to a large degree.
Personal data like contact information, profile image, food preferences and allergies, health information, union, gender, nationality, skills and other information resides in the personal profile.
Production data starts with required information such as which role the user fills in the production and includes production notes, contracts and releases, if there are any individual meal cost settings, time reports, meal cost reports etc.
Normally, the production creates a membership for a cast or crew member (if one doesn’t already exist). The production may add personal information to a profile, before inviting the individual to take part in the production on Dramatify. When a user accepts an invitation for the first time, they “claim” their profile. This means that they from that moment on have complete control over which personal data exists in their profile. They can add, edit and remove information as well as delete their profile and account. However, someone thinking of deleting their account during an active production, is duly warned that it might cause them to lose payments, credits and other compensation of their participation.
One of the core tenets of GDPR is WHY you have certain data. In Dramatify, it is clearly marked for each user WHY they should add certain personal data, or if they do not need to add any.
A good example is union information. In some countries, you are paid the same for a certain professional role, regardless of which union you belong to. Then you naturally don’t have to add union information. However, in other countries, a union membership in one specific union carries a higher wage than membership in a competing union. Thus, which union you belong to is vital for correct wages and you should add that personal information.
Compliant with Dramatify
By using Dramatify, your production information and your team’s personal information is compliant with GDPR. In your production settings, you can add the name of the person who is the Data Protection Officer in your company. That person does not need to be a member of a Dramatify production or have a Dramatify profile.
All invited team members must consent to personal data processing
Each individual is in charge of their personal data
Clear explaination of why personal data is gathered and processed
Each individual can at anytime close their account and delete their profile
Top image by Pixabay (CC0).