my profile | my password | search | faq & rules | forum home

» Film-Tech Forum ARCHIVE   » Operations   » Ground Level   » GDPR and theatres

Author Topic: GDPR and theatres Frank Cox Film God Posts: 2234 From: Melville Saskatchewan Canada Registered: Apr 2011 posted 05-19-2018 01:57 AM                        I was just reading some articles about the impact of the EU's GDPR (alphabet soup anyone?) on small businesses and it occurs to me to ask what steps, if any, you folks who have theatres in the EU are taking to insure that you comply with that regulation. I operate a weekly email mailing list for my customers but since it's of local interest only and I'm not in the EU I don't see any way that it would have any impact on me. What about the rest of you fine folks?  |  IP: Logged Carsten Kurz Film God Posts: 4340 From: Cologne, NRW, Germany Registered: Aug 2009 posted 05-19-2018 05:48 AM                     Hah, very funny it comes up here as well...everyone is a bit overnervous here currently. - Carsten  |  IP: Logged Stephan Shelley Jedi Master Film Handler Posts: 854 From: castro valley, CA, usa Registered: Nov 2014 posted 05-19-2018 12:00 PM                     Call me clueless but what is GDPR?  |  IP: Logged Randy Stankey Film God Posts: 6539 From: Erie, Pennsylvania Registered: Jun 99 posted 05-19-2018 01:19 PM                     “General Data Protection Regulation” https://en.m.wikipedia.org/wiki/General_Data_Protection_Regulation It governs how the personal information of citizens of the European Union may be used and/or exported from Europe.  |  IP: Logged James Biggins Film Handler Posts: 31 From: Leicester U.K. Registered: Oct 2014 posted 05-19-2018 06:10 PM                     The implementation has caused more than a few headaches, but the principle, of giving people more control over how their personal data is used, can only be a good thing.  |  IP: Logged Marcel Birgelen Film God Posts: 3357 From: Maastricht, Limburg, Netherlands Registered: Feb 2012 posted 05-20-2018 01:51 AM                     It's a pretty far reaching law. For the average movie theater, the impact will be somewhat limited, although if you want to do it "right", then you'll have a lot of homework to do. Also, 8 of the 28 EU member countries haven't even finalized their own implementation of the law yet, so they're officially behind schedule and won't make the deadline. The EU also only formulates regulations, the member states have to implement their own laws based on those. The result is often interesting, as the differences between the implementations allow different interpretations on some key aspects... The law doesn't only apply to EU organizations, but also to international organizations dealing with EU organizations or citizens. The whole law/regulation in a nutshell: All organizations operating within the EU are required to: - Keep track of all the personal data they collect and maintain from all their customers. - Keep track of all the external entities with which they share this personal data and maintain a binding agreement with those entities that explicitly states the purpose and under which conditions this data can be used. - Install a "Data Protection Officer" who is responsible for the ongoing task of "Data Protection" inside the organization. - Ensure that all personal data will be either destroyed or "anonymized" when there is no longer any applicable use for the personal data being stored. There is also a requirement to ensure that all entities sharing the data do the same. - Formally report all leaks of personal data to the responsible reporting entity in the responsible member state, once such a leak has been detected. - Actively and unambiguously inform customers or individuals dealing with said organization about how they treat their personal information, where their personal information will be stored, with whom it will be shared and under what conditions it will be destroyed or anonymized. - Provide customers or individuals dealing with said organization with a complete extract of all the information stored about them, if he/she demands as such. I'm pretty sure that no company or organization of any measurable size will be entirely "GDPR compliant" on the 25th of May, when the legislation is going to be enforced (at least, if the member state you're operating in has installed their final version of the law yet).  |  IP: Logged David Buckley Jedi Master Film Handler Posts: 525 From: Oxford, N. Canterbury, New Zealand Registered: Aug 2004 posted 05-20-2018 10:39 PM                        That is interesting Marcel; the GDPR is a regulation, and an EU regulation as I understand does not need to be translated into local law in the same was that a directive does.  |  IP: Logged Marcel Birgelen Film God Posts: 3357 From: Maastricht, Limburg, Netherlands Registered: Feb 2012 posted 05-21-2018 01:03 AM                     There is indeed a difference between a EU directive and regulation. A regulation is effective and enforceable across all member states, even if the member states didn't implement local laws. It's still expected for the member states to implement relevant local laws though. The Dutch implementation of the GDPR is known as "AVG", which is a shorthand for "Algemene Verordening Gegevensbescherming" and for example, the German implementation is called "DSGVO", which stands for Datenschutz-Grundverordnung (which indeed sounds very German ). The GDPR is a somewhat different beast though, while itself is a regulation, it has been agreed upon that all member countries will implement local laws and accompanying procedures, before the deadline of 25th this very month. This also includes something like a "Governmental body" per member that actively monitors the compliance of the organizations active within the member's jurisdiction and also serves as forefront for privacy issues. So, data leaks need to be reported to this body and organizations and citizens can also file complaints regarding privacy issues to this same body. So, enforcement of the GDPR will be done on a member level, not on an EU level. Some members, like Belgium, haven't finished their implementation yet. Now, it would be interesting if they actively start to enforce Belgian companies, while their own government hasn't even sanctioned the local laws yet...  |  IP: Logged

All times are Central (GMT -6:00)

Printer-friendly view of this topic

Hop To: Select a Forum: Category: Operations -------------------- Digital Cinema Forum Film Handlers' Forum Large Format Forum Ground Level Feature Info, Trailer Attachments & REAL Credit Offsets Category: Community -------------------- Film-Yak Film Handlers' Movie Reviews The Afterlife Bob Maar's Joke-A-Thon Category: Classified -------------------- Equipment and Supplies Wanted/For Sale Help Wanted/Seeking Employment Category: System -------------------- Software Beta Testing Forum

The Film-Tech Forums are designed for various members related to the cinema industry to express their opinions, viewpoints and testimonials on various products, services and events based upon speculation, personal knowledge and factual information through use, therefore all views represented here allow no liability upon the publishers of this web site and the owners of said views assume no liability for any ill will resulting from these postings. The posts made here are for educational as well as entertainment purposes and as such anyone viewing this portion of the website must accept these views as statements of the author of that opinion and agrees to release the authors from any and all liability.