With the EU’s General Data Protection Regulation (GDPR) coming into effect on the 25th May 2018, we have taken steps to make sure the StoryStream Content Marketing Platform™ is fully compliant to safeguard our customers, their content contributors, customers and fans.

Content Usage Rights

Social media content, whilst in the public domain, will be governed under GDPR regulations. As we’ve covered before, we recommend brands obtain permission to use consumers content through implied consent (such as via competitions) or explicit consent. This is still the case when GDPR comes in.

We’ve made this very easy for our customers to arrange with our Fanshare functionality which offers a flexible and customisable way to ask people if they are happy to share their content. Fanshare enables brands to incorporate their own terms and conditions into this workflow, demonstrating transparency of the process.

Rights approved content is clearly differentiated in the platform and is governed by a configurable workflow offering simple understanding of content status and rights.

The Right To Be Forgotten

Under GDPR, the right to be forgotten allows anyone to request that personal content or information is deleted, regardless of whether you’ve obtained permission previously or how long ago that was.

If a contributor contacts you and requests you remove content, you can immediately unpublish the content from your site or digital screens.To maintain compliance, StoryStream will also expunge all traces of content from the database.

To ensure this process is simple, requests to delete content must be forwarded on from the brand to StoryStream delete, along with some key information about the content to be removed such as;

  • The social platform the content came from
  • The customer’s username or handle
  • The content format and a brief description
  • The date of posting

The content will be fully deleted within 72hrs. Once removed StoryStream will confirm in writing ensuring an audit trail of the content removal is maintained.

StoryStream’s GDPR Relationship With Your Brand

In GDPR terms, StoryStream acts as a data processor on your behalf. Some data, depending on settings, is attached to the posts we collect. This can include:

  • Author name, screen name, handle or username
  • The content item, e.g. image, video or text
  • The source platform, e.g. Twitter, Instagram, YouTube or Facebook etc.
  • Location data including country, city, longitude and latitude
  • Date and time of content creation
  • The associated URL – the item’s original location

On request, all of this information will be purged from the database along with the content item/s.

If you have any queries, please contact your account manager who will happy to discuss any questions you may have.