Legal, Tax, and Accounting May 21, 2020

GDPR and user assets


Dear all, question about GDPR here :)

If I were to sell a service where a user sends me a video to comment on, and then I send back a written feedback response, should I be able to still see the video they sent after the sale is completed? I would imagine not, or I perhaps I could until they sent a 'delete my data' request.

Now the same question, but let's say that rather than written notes I sent them a video that showed me commenting on their video (picture in picture). That video is a 'hybrid' one showing us both. If they were to send a 'delete my data' request then presumably I would need to delete that 'hybrid' video also as they would be personally recognisable in it.

Of course in both cases where they want their data deleting then their name/email etc are to be deleted. I'm talking more about assets that they have sent and derived assets that I produce from those.

Thanks in advance :)

  1. 1

    What data is being shared between you and why? How does the data flow?

Recommended Posts