Data Protection and the GDPR
The importance of data has never been more critical and crucial in any business and study than this past 2 decades. Data is being mined like the new gold rush in technology and is being peddled like the new currency. The demands for data accuracy that is accessible IRT anytime and anywhere dictate where researches and studies on data mining are leading to. However, there has been a surge of attacks on personal data security especially in Europe. Effective on 25th of May 2018, the European Commission will enforce the General Data Protection Regulation (GDPR), which is an EU-wide legislation designed to help consumers take control of their personal data. This would mean organizations like service providers (telecommunications, ISPs, healthcare service, etc.) will need to review their data storage security to protect their clients.
What will change if GDPR is implemented? GDPR sets new rules on how data should be collected; processed; retained and deleted that affects all EU subjects. It also determines the time to inform any security breach of information (72 hours). The fine for non-compliance to the regulations could reach a maximum of € 20 million or approximately equivalent to 4% of annual global turnover. The fine applies to both controllers and processors of information, meaning even “cloud” are not exempt from the regulation. GDPR also outlined a tiered approach to enforcing fines for breach of information such as “a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach or not conducting impact assessment.”
Who is affected by the GDPR? “The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.”
The next question would be how will GDPR affect the voice over business? Companies will have to review its standards and internal rules to comply with GDPR’s provisions. Voice over talent sites and companies will have to proactively justify its capturing and storage of conversations, demo recordings and personal information of its voice over talents.
GDPR goes beyond existing laws, putting consumer rights above those of organisations and stating six situations in which call recording is deemed lawful:
- The people involved in the call have given consent to be recorded.
- Recording is necessary for the fulfilment of a contract.
- Recording is necessary for fulfilling a legal requirement.
- Recording is necessary to protect the interests of one or more participants.
- Recording is in the public interest, or necessary for the exercise of official authority.
- Recording is in the legitimate interests of the recorder, unless those interests are overridden by the interests of the participants in the call.
GDPR opens opportunities for voice over companies to review its current data security, improve its data sharing facilities for sharing information of a voice over talent to prospective clients and investing in technology and data security programs that will set you apart from other VO companies by putting clients’ first priority.