The 2018 GDRP has finally arrived and will be in place on May 25. This new regulation aims to make companies and their subcontractors responsible for the use, prevention and protection of personal data.
As a VOD platform or streaming site owner, you are subject to this legislation, since you collect and use data from your customers.
OKAST helps you to be compliant by taking this few steps :
You will need to add the following information:
- what kind of data is collected, for what purpose (sending information, improving the site etc…)
- the data retention period (generally the contact details of a client who does not respond to any solicitation or who is no longer a customer must be deleted after 3 years)
- the right for your users to modify, rectify or delete data on their request
- optional: the person in your team responsible for data protection
2/ Make sure you have a clear opt-in for sending promotional or marketing emails
As a VOD service, you collect email addresses, especially when a new customer registers. If you wish to send emails to these customers for other purposes, for example, to offer them to purchase other content or to subscribe to another of your offers, you must ensure that they first check a box stating “I agree to receive video content recommendations and exclusive promotional offers”.
3/ Clean your database
Simply ask your current customers if they wish to continue receiving promotional information from you. Now you need their explicit consent, so ask for it before you send other emails.
4/ Create a data register
It is now mandatory to keep a table with all transactions made. The purpose of this table is to anticipate any potential risks and to facilitate controls.
The GDPR does not impose a specific document format. You will simply have to give a certain amount of information:
Personal information (last name, first name, email addresses etc.)
The purposes of the processing (to create an account, to send promotional offers etc…)
Descriptions of the categories of data subjects and categories of personal data
The categories of recipients to whom the personal data have been communicated
The time limit for deletion
A general description of the technical and organizational security measures to protect this information.
If you are using OKAST, you can export your customers’ data easily.
For information, you are responsible for your customers’ data. Therefore you must ensure their safety. In the event of a data security breach, you must inform the supervisory authority and the persons concerned within 72 hours of becoming aware of the problem.
If you have outsourced some of your services/products (such as your video solution) you must ensure that the subcontractor is compliant with this new regulation, and has taken measures to ensure the security of user’s data.
If you are an OKAST customer, keep cool we are taking this very seriously and we can assure that we only work with service providers which comply with this new standard.
In order to help you comply with these rules, OKAST has set up a checkbox at registration on your platform to obtain the user’s consent to the use of his data.
To access to our confidentiality policy: https://okast.tv/politique-de-confidentialite/
Please note: this note is not intended to be exhaustive, and being fully compliant to the GDRP regulation is your responsibility. To go further and find out all the changes, here are more info: