As we have all seen over recent weeks, the EU is being in new regulations for Data Protection, this is the first update to UK Data Protection Laws since 2008. It will cover every state in the EU with no exemptions. Whilst this doesn’t actually come into forces until 25th May 2018, due to Brexit it has already been signed in to UK legislation ahead of us leaving the EU, so even once we have left it will be apply.

So what is GDPR? What is about? And how does it affect the Arts Industry?

GDPR is the way personal data held by companies on individuals is gathered, used and stored and it affects every business and industry in Europe and theatre and entertainment are no exemption.

The key to this regulator is to be able to prove by creating some form of paper trail that you have explicit permission to have the information on individual, and that you are using it only for the purpose for which you have gathered it. This update to legislation gives the consumer more control over where the data is held, meaning that they can revoke their permission at any time and should this happen then all traces and information you hold on that individual MUST be completely deleted from all company systems.

It is about only having personal information for as long as you need it, when the permission expires or is revoked the information is deleted completed from the system.

The other big game changer is that if your system his hacked and personal details are stolen then you must report the incident to all those who’s details were lost or stolen within a time frame.

All data storage systems will be subject to checked and inspected by external enforcements. If a company or individual is found breach of the regulations penalties and hefty fines can be imposed, even possible imprisonment.

On top of this all businesses and companies that collect personal data must have a Privacy Policy that can be inspected by the their customers and clients.

More information on GDPR can be found at: