This page will be updated with more information before 25th May 2018.
The GDPR covers all data controllers and data subjects based in the EU. It also applies to organizations based outside the EU that process the personal data of its residents.
We acknowledge that our company will be affected by GDPR, as we are located in EU, we have customers, suppliers and employees, including cast, & crew from EU countries. We also handle sensitive personal information covered by the GDPR directive.
This table shows purpose for use of personal information, types of personal information and time to store. For each processes, there will be a description how we follow the directive in more detail.
Contact information is internal identification id, name, physical adress information, contact address information. Social security number, ID-information etc are not stored unless needed for legal purposes.
Media as images, sound and video recordings could be sensitive personal data, therefore described separately.
Exceptions from GDPR for film production
This chart describes how we today, before legislation is in effect, see the exceptions on a high level from GDPR as a company in the business of making film productions.
For productions where there is a journalistic purpose, (news, some public events and documentaries ) we limit GDPR for media to
Accountability and Instant breach alerts. Proof of consent, Rights to erasure and Portability of data are not valid due to exceptions in GDPR for journalistic work.
For productions where there is a artistic purpose, (some public events, narratives and commercials) we limit GDPR for media to
Accountability, Proof of consent and Instant breach alerts. Rights to erasure and Portability of data are not valid due to exceptions in GDPR for artistic work.
These limitations are only valid for the process of film production. For other processes as sales, financials and others, we have full GDPR. For more information about our processes, se overview of quality system.
For all other type of productions, (private events and corporate) we fully follow GDPR, i.e. Accountability, Proof of consent, Instant breach alerts, Rights to erasure and Portability of data.