jacobhs Posted April 30, 2018 Share Posted April 30, 2018 Hi everyone, As the deadline for the new GDPR regulations is soon (here in the UK at least) I was wondering how stage management teams are dealing with them. My understanding is still limited about it all so I'm trying to get up to speed with it, but as I understand it any freelancer who holds personal data about someone counts, and has to have a policy about how they manage that data. In my case it's contact details, things like next of kin info, and that's probably about it. But I know that company managers deal with much more info and so presumably are going to have to find ways to keep it that comply with the rules. People who run theatre companies, venues etc will also be affected to a greater extent I suppose as they will have mailing lists etc - I know that people are sending out emails to ask for consent to keep our details for the purposes of marketing after the May 25(?) deadline. Would love to hear how people are going to work with it from small scale right up to big institutions. Especially interested in how sharing between freelancers (for example between a SM and their team, all of who may be freelancers) may work... things like shared contact lists in an email are going to be a no no under the rules I think. Bit of a ramble for a first post sorry. Look forward to everyone's ideas. JS Link to comment Share on other sites More sharing options...
IRW Posted April 30, 2018 Share Posted April 30, 2018 things like shared contact lists in an email are going to be a no no under the rules I think. Slight tangent, but one which may be of relevance- I've never been a fan of sending out unprotected contact lists. Whenever I have to do it, I will email out a password protected file and text the password to anyone on it. Link to comment Share on other sites More sharing options...
lonemorf Posted April 30, 2018 Share Posted April 30, 2018 I have to work on this at a global scale (GDPR does affect businesses globally!), and the easiest way I can describe this is essentially likening it to other things we already do. Think of it as a FRA or RAMS for Data, and your staff need to be trained accordingly, contractors need processes, then all of your and clients need to be told what you are gathering, why, and what you are doing with it, and they need to consent. Your suppliers need to be doing this to you too! Its a big giant clusterf**k in the making tbh - I have already hit instances of customers saying "this is the policy we want you to abide by", which contradicts ours.................. Link to comment Share on other sites More sharing options...
kerry davies Posted April 30, 2018 Share Posted April 30, 2018 Short answer? I retired so don't need to deal with it. However, the ICO sent me lots of bumff some time back and just now checking the website they have a "self-assessment" tool thingy which at first glance might be useful. They appear to have various sections on the website dealing with small businesses so I would start there. As for it being an accident waiting to happen, that is what many thought about CDM Regs only to find that most non-cowboy reputable firms had been doing it, or something incredibly close to it, in our game for years. Link to comment Share on other sites More sharing options...
Ynot Posted April 30, 2018 Share Posted April 30, 2018 Its a big giant clusterf**k in the making tbh - I have already hit instances of customers saying "this is the policy we want you to abide by", which contradicts ours..................I'll echo this...!! My rather large corporate bosses in the day job (IMHO) over-reacted big time - or more accurately the consultant team who they employed to look at the 'problem' did so. When we first had the meetings many months ago (2 years maybe...) there were spreadsheets GALORE to fill in with what seemed to be (and still do) meaningless questions about what data we hold on some of our databases and whether we could both retrieve and/or delete said data at the request of customers, suppliers, or employees. Whichever way you looked at it the sort of thing they were asking were next to impossible without destroying the validity of the database. The ESSENCE of the GDPR is relatively simple - and the ideal of protecting everyone's personal data is laudable. but like many other things, there are a LOT of companies out there making HUGE sums of cash interpreting and re-interpreting the guidelines and few of them actually agree 100% on everything so the advice going out is contradictory and often misleading. Which means those companies make MORE wonga re-explaining everything again. Link to comment Share on other sites More sharing options...
Stuart91 Posted April 30, 2018 Share Posted April 30, 2018 I've been amused by the amount of unsolicited spam emails we have been receiving recently, from companies offering to help us with our GDPR compliance... Link to comment Share on other sites More sharing options...
paulears Posted May 1, 2018 Share Posted May 1, 2018 In started to do Kerry's compliance questionnaire but by the end of the first page it was all nos, and I didn't understand the questions, so clearly I'm a fail. I don't even understand many of the questions! Link to comment Share on other sites More sharing options...
Ynot Posted May 1, 2018 Share Posted May 1, 2018 In started to do Kerry's compliance questionnaire but by the end of the first page it was all nos, and I didn't understand the questions, so clearly I'm a fail. I don't even understand many of the questions!You're clearly one of those who therefore needs to pay someone hundreds of pounds then to advise you on the GDPR... /TIC:D Link to comment Share on other sites More sharing options...
jacobhs Posted May 1, 2018 Author Share Posted May 1, 2018 So far the answer then is that no-one is dealing with them :) The self assessment tool is quite useful actually isn't it. And fairly clear. I too have seen lots of companies over-react. But most are either under-reacting entirely or completely unaware of it. Next month is going to be a shock for some people I think. Do SMs and PMs count as data controllers or data processors? The ICO page seems to suggest processors but it looks a bit fuzzy to me. I had a look for info for freelancers and it's pretty confusing tbh. Link to comment Share on other sites More sharing options...
sandall Posted May 1, 2018 Share Posted May 1, 2018 Not wishing to divert the thread, but this all reminds me of Year 2K, & the stupidity & money-wasting surrounding that. Link to comment Share on other sites More sharing options...
kitlane Posted May 1, 2018 Share Posted May 1, 2018 Not wishing to divert the thread, but this all reminds me of Year 2K, & the stupidity & money-wasting surrounding that. I think I may be the only person that believes that part of the reason that Y2K was a non-event was because people had actually checked their systems and fixed any problems they found. Link to comment Share on other sites More sharing options...
alistermorton Posted May 1, 2018 Share Posted May 1, 2018 Not wishing to divert the thread, but this all reminds me of Year 2K, & the stupidity & money-wasting surrounding that. I think I may be the only person that believes that part of the reason that Y2K was a non-event was because people had actually checked their systems and fixed any problems they found. You aren't, but it's a useful stick for the media to use to beat support/tech people with - nothing happened so why the panic? Err, well, nothing happened because we spent a long time making sure it wouldn't. Link to comment Share on other sites More sharing options...
lonemorf Posted May 1, 2018 Share Posted May 1, 2018 My other observation, on the back of all the spammy conslutants (not a typo) trying to get work out of this, we will probably see a new breed of no win no fee data ambulance chasers making everyones lives a misery too. Not sure how it would work (can you be personally compensated? No idea!), but I can guarantee you that some shyster is dreaming something up as we speak. Link to comment Share on other sites More sharing options...
Stuart91 Posted May 1, 2018 Share Posted May 1, 2018 we will probably see a new breed of no win no fee data ambulance chasers making everyones lives a misery too. Not sure how it would work (can you be personally compensated? No idea!), but I can guarantee you that some shyster is dreaming something up as we speak. Yep. Someone I know who is in charge of dealing with GDPR for a reasonably big organisation told me "this could be bigger than PPI" Link to comment Share on other sites More sharing options...
sandall Posted May 1, 2018 Share Posted May 1, 2018 Not wishing to divert the thread, but this all reminds me of Year 2K, & the stupidity & money-wasting surrounding that.I think I may be the only person that believes that part of the reason that Y2K was a non-event was because people had actually checked their systems and fixed any problems they found.You aren't, but it's a useful stick for the media to use to beat support/tech people with - nothing happened so why the panic? Err, well, nothing happened because we spent a long time making sure it wouldn't.(Still off-topic) - Indeed, but a lot of tech authors, IT "consultants" & computer dealers made a killing before the event, & a lot of time & effort was wasted explaining how things like passive loudspeakers or kettles really were "Y2K compliant". If anyone is interested in the background (& some of the consequences) of Y2K, Prof. Martyn Thomas gave a really interesting lecture last year https://www.gresham....happened-in-y2k (Text, audio & powerpoints downloadable on RHS of page). Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.