NAB Show: Convergent Risks CEO Preps Industry for GDPR

LAS VEGAS — If you’re a media and entertainment company that operates in the European Union, you’re probably already aware of the General Data Protection Regulation (GDPR), a new law that provides increased data protection for citizens, going into effect May 25.

It’s been two years coming, after all, and compliance with the law is absolutely paramount, according to Chris Johnson, CEO of Convergent Risks. Speaking April 8 at the Cyber Security & Content Protection Summit at the NAB Show, he stressed how the M&E sector — which informs its business model around collecting as much personal customer data as possible — will need to be on its toes when it comes to the law.

“It affects everyone, from crews and actors, through to marketing,” he said. “You need monitor the activity of third-party service providers, and the entire supply chain.”

The GDPR imposes new compliance obligations, requiring companies to conduct privacy impact assessments. If a data breach happens, businesses must report it within 72 hours. The appointment of a dedicated Data Protection Officer is mandatory. Consumers are given more rights around the data they share with companies. And the consequences for a company in violation of the law are astronomical: the maximum fine for a single breach can hit €20 million, or 4 percent of annual worldwide revenue for a company.

Johnson believes media and entertainment firms are among the most affected by the law, because of their reliance on consumer data to make content decisions. What works in the U.S. when it comes to consumer data privacy won’t fly anymore in the EU, thanks to GDPR, he noted.

“It’s about governance, securing the data properly, and training internally,” he said. And there are benefits for compliance: those companies that show they’re respecting consumer data will have a real commercial advantage over rivals, and will build a more secure, internal culture of security. And it doesn’t hurt that the consequences for running afoul of GDPR are so massive, he added.

“It’s not just about the money,” Johnson said. “There’s also the risk to your reputation.”

The half-day, inaugural Cyber Security & Content Protection Summit provided technology and business updates on cybersecurity and anti-piracy initiatives in both film and television. It was produced by the Media & Entertainment Services Alliance (MESA) and the Content Delivery & Security Association (CDSA), in cooperation with the NAB.

Microsoft Azure, Dolby, NAGRA, the Digital Watermarking Alliance and Convergent Risk sponsored the event.