DPA (2018) & GDPR

The General Data Protection Regulation (GDPR) came into force in the UK on 25th May 2018. It is implemented alongside the Data Protection Act 2018, and together they set out the data protection framework within the UK.


Privacy Notices

When the AV team are requested to provide filming and recording services in person, the specific photography and video Privacy Notice attached at the end of this page must be made available to attendees.

It should be amended by the event organiser and then made available to the AV Centre and attendees.


The Privacy Notice informs individuals what purpose the images or videos will be used for, and that images and videos must not be used for other purposes.

The Privacy Notice should be used in addition to visible posters for any event where filming has been requested. These posters must confirm that filming is taking place, what the purpose of the filming is, and how to opt out of being photographed or filmed.
Prior notice of filming must be given to event attendees. This can be done in a number of ways including via email, printed documents and/or the University website.




Arrangements should be made by the event organiser to procure all relevant permissions, copyright approval etc. and the wishes of individuals should be provided to camera operators or the AV Centre before the filming takes place, ideally in writing.

The easiest way to identify individuals on the day itself is through provision of coloured lanyards to individuals who have opted out of photography and video. This will enable camera operators to identify them and avoid including them in shots.

On the day the AV Centre staff (photographer/videographer) will be identifiable via a black shirt with the embroidered Audio Visual logo or an armband. Individuals can approach them to request that they not be filmed or photographed.

Anyone filmed can request their image/data is not used after the event. If you are unsure how this will affect your event, please contact the Information Governance team for advice, at dataprotection@york.ac.uk.



AV Centre process for securing data

Filmed in-person:

  • Filming takes place with privacy notice, visible signage and any copyright permissions evidenced
  • Footage copied onto local edit computers (requires keycard access to room and AV Centre staff login on computer). Original copies of footage kept in edit room.
  • Editing is specified by end client
  • Completed footage only sent to end client
  • All footage sent via Drop Off - IT Services file transfer service. Files are encrypted when sent (see DropOff security).
  • After completion - all files and edit projects archived onto secure IT Services filestores and all original files on SSDs or SD cards deleted permanently by formatting drives and cards.
  • Edit projects and all content deleted from IT Services filestores after 2 years unless there is a specific reason to keep it.

Recorded via Zoom (online web conferencing):

  • Individual participants in any Zoom call must approve being recorded before they can join the Meeting or Webinar. If anyone requests not to be recorded, they will not be able to participate in or watch the online event but will be able to watch the recording at a later date.
  • Recording of an attendee is impossible if their microphone and camera remain muted - in a webinar scenario this will always be the case unless they specifically approve a request from the Host to unmute. The attendee in question will always have full control of their own microphone and camera.
  • Recordings are copied onto edit computers. These are located either in locked locations on campus, not accessible to students or the public, or on computers at AV staff's home premises due to Covid working arrangements. Original copies of recordings remain on the Zoom servers.
  • Only edited/completed footage is sent to the end client.
  • All edited footage is sent via Drop Off. Files are encrypted when sent - DropOff security provides further information on this process.
  • After completion - all files and edit projects archived onto secure IT Services filestores and all original files on SSDs or SD cards deleted permanently by formatting drives and cards.
  • Edit projects and all content deleted from IT Services filestores after 2 years unless there is a specific reason to keep it.
  • For reports sent internally to University of York staff, notice is given of the need to be in compliance with the University's Data Security Policies.
  • All reports are sent via Drop Off - IT Services file transfer service. Files are encrypted when sent (see DropOff security).
  • For reports sent externally, notice is given that the data is of a confidential and personal nature and as such the receiving party must maintain adherence to GDPR requirements and data security principles. We may also delete any personal data before sending such reports.
  • Zoom have a GDPR policy and all recordings and reports are automatically deleted from their servers after 180 days.



Further Information

Further information regarding GDPR is available on the University Data Protection webpages, by contacting the University's Information Governance Officer at dataprotection@york.ac.uk, and from the Information Commissioner's Office.



Privacy Notice for Filming & Photography:
