GDPR Regulations and the EU OTT Space

Dimitar Serafimov | Tue Oct 31 2017 | Industry insights

Cleeng news - OTT and GDPR

With the growth and demand of any emerging entity, certain rules and regulations begin to evolve- and SVOD is no exception. GDPR is one big legislative update that affects OTT businesses in Europe

The GDPR, General Data Protection Regulation, requires businesses to protect the personal data as well as the privacy of EU citizens for transactions carried out within EU member states.

Essentially, all companies that collect data on EU citizens will need to comply with a stringent set of new rules regarding the protection of customer data within the 12 months.

The General Data Protection Regulation (GDPR) is expected to set a new standard for consumer rights when it comes to personal data, but companies, including those operating within the OTT and SVOD sector, will feel the strain as they put systems and processes in place to comply. These new regulations will prove a great challenge for many.

According to a recent PwC survey, 68% of US-based businesses expect to spend $1 million to $10 million to meet GDPR standards within the next year. And, a further 9% expect to spend an excess of $10 million.

It's clear that the new regulations set by the GDPR will present difficulties for a host of businesses operating within the member states, but who will it affect exactly?

You will need to comply if you:

  • Have a presence in an EU country.
  • Don't have a presence in the EU, but process the personal data of European residents.
  • You have more than 250 employees.
  • You have fewer than 250 employees but your data-processing impacts the rights of data subjects or includes certain kinds of sensitive personal data. Of course, this means that almost all companies will need to comply. A PwC survey discovered that 92% of U.S. companies consider GDPR a number one data protection priority.

How does this affect OTT, specifically?

In a bid to keep competition healthy and create a level playing field for all OTT and telco companies operating within the EU, the GDPR have honed in the data handling of OTT and SVOD providers.

Here’s how these new regulations will affect OTT providers in particular:

  • Online identifiers including IP addresses, cookies or device identifiers are now considered personal data. As such, the GDPR states that TV and OTT providers must comply with the protection of such data.
  • The legal justification of personal data processing is to become more stringent than ever for OTT service providers operating in the EU.
  • OTT service providers will have far more responsibility for data processing activities performed by third-party suppliers with particular rules of engagement between the two entities (the supplier and the third-party supplier).
  • Solid data privacy will become a standard core component of any application or any service from the very outset.

Find the full document with all the details here. We also prepared a presentation that summarizes the key GDPR aspects along with a practical guide for GDPR compliance.

These new GDPR regulations will certainly present a challenge for OTT providers the world over, with personal data protection now becoming a top priority. But despite these somewhat daunting challenges, by taking action now, acting methodically and keeping your eyes firmly on the rules, you will be able to deal with these changes both swiftly and successfully. Best of luck.

Cleeng SRM Product