Are UK Production Companies prepared for GDPR in 2018

Rob Corlett

Business Development

As any UK content creator knows, there is a constant requirement for exchanging significant volumes of data internally and with clients whether showreels, scripts, storyboards or fully produced ready for broadcast shows.

Not sure if this has crossed your Radar as yet, but there is a new regulation coming into effect in 2018 which could have big implications for your business. The General Data Protection Regulation (GDPR) is the European Union’s new legislation to protect the personal data of EU citizens, and irrespective of Brexit, all UK companies need to comply.

There are many compliance issues. However, we should take into consideration the two following issues. How and where is your data is located (‘at rest’) and how is it distributed (‘in transit’). With the amount of content you have in development or stored, lots of companies are currently looking at cloud storage options. Under GDPR your appointed DPO (Data Protection Officer) would need to ensure you have thoroughly investigated where this data is located and whether GDPR security protocol regulations are being met.

This also applies to your content distribution platforms and how secure they are. For a lot of companies they may still be using services such as Dropbox where data is housed in various US locations and, with GDPR looming, they have opened a Frankfurt data centre. They have not been without security concerns with, as recently as August 2016, the leaking of reputedly 68 million account passwords. WeTransfer has followed a similar path with opening a European data centre, however, have you asked your media owner clients of their data storage and transit protocol guidelines? Many UK Public & Private Sector bodies are requiring their data to be housed in the UK, where we have some of the tightest Data Protection in the world and most stringent storage security.

At Crugo, our communication and file sharing platforms have all been built to be fully GDPR compliant. All data is stored on our own ‘cloud’ servers in the UK which are located in a Tier 4, ISO 27001 certified datacentre. This security not only applies to file sharing; our real-time communication platform is 256 bit encrypted with SHA-2 certification, unlike email services as the NHS recently found to their cost. And our communication and file sharing platforms are fully integrated, so to securely send an encrypted message and up to 5GB file to a client, it´s a one-click process. And this content is safely delivered by you, not a third party.

Its definitely worth having a look. Under GDPR there could be nasty fines; however, it’s the reputational damage to your organisation that could be damaging in the long term. Content Producers will be sharing highly confidential, and business sensitive information about their programming, and ensuring it´s secure, distributed and shared protects your relationships. Conversely, it’s a positive message to your media owners if you have assured their content is securely stored to their protocol standards, and that you have communication and content distribution platforms that will protect them.

If you would like to learn some more about Crugo, please visit or give us a call on 0800 0885084.

Some other articles you might be interested in…