GDPR Overview 2018

What do the data regulation changes mean for artists around the world?

GDPR Definition
The General Data Protection Regulation (GDPR) is a regulation created by the EU to cover the use and protection of the data of individuals within the European Union.
It requires that certain conditions be met when companies are handling data of any citizen of the European Union. In practice, this means that companies based outside of the EU, for example in the USA or Australia, or perhaps in future the UK, need to ensure their compliance with these regulations if they have customers from the EU whose data they hold.
The intention is to make sure that all of the EU follows the same regulations, simplifying the requirements for companies so that they have one set of guidelines to follow, instead of lots of fragmented requirements from different countries.
Companies that do not comply with the regulations can be fined up to 4% of annual global turnover or 20 million euros, whichever is higher.


When does the GDPR come into effect?
It becomes officially enforceable on May 25 2018, so now is the time to begin taking the required steps to ensure that your company is abiding by the regulation.
If you are an independent artist who is collecting the data of your fans (from email newsletters, or through other means), it is important that you either dedicate some time to understanding the regulations or find a digital music marketing consultant to help you navigate them.


What kinds of data are covered?
The regulations apply to the personal data of EU citizens. This could be anything from:
– Name
– Address
– Email Address
– Computer IP Address
– Likes / Dislikes
– Photos
– Products they have purchased
– Social Networking Information

What are the GDPR requirements?
The regulations are designed to be ‘common sense’ and primarily consist of:
– Ensuring that any request for storing data is in plain and clear English
– Making it as easy for a person to withdraw their consent to you storing their data as it is for them to give that consent
– A person should be able to request to view all data held on them, and to be told where it is held and for what purpose
– A person should be able to request the deletion of any data held on them
– Parental consent is required to store data of any person under the age of 16
– Companies should take reasonable steps to protect the data they are holding
– Companies should report any breach in their database within 72 hours
– Organisations that engage in large-scale data monitoring or processing should have a Data Protection Officer, a person who is the first point of contact for all things data
We recommend that you start with the above points as a checklist and then talk to a digital marketing specialist for a deeper understanding.


How will it impact Artists inside or outside the EU?
The easiest way to demonstrate how GDPR will impact artists is to look at an example. Let’s say you are a UK-based band that currently collects only email addresses but is looking at ways to build its own first-party fanbase data in future.
For your current scenario, you need to ensure, in the first instance, that you are taking reasonable steps to check that the users who are signing up for your mailing list are over 16 years old. You could do this via a confirmation check-box before the person is able to submit their details. You’ll need to ensure that it is as easy to unsubscribe from your mailing list as it was to sign up. A good way of doing this is to ensure all your EDMs contain an ‘unsubscribe’ link, and that you have a link to unsubscribe near the newsletter sign-up on your website. You should have a clearly marked “Contact Us” page or information to allow visitors to contact you to request info on the data you are holding on them.
For your future scenario, where you are using a data management or CRM platform to build out a detailed image of each of your customers, you should investigate the platform’s own implementation of the regulations with regard to GDPR, as well as ensuring that it is easy to contact you for information and requests.