GDPR, trust and user-generated content at work

by | Resources

User-generated content (UGC) reigns as top dog in the consumer marketing space with lots of research, including Nielsen’s Consumer Trust Index, showing that people trust peer reviews and media content more than any other source of advertising. UGC is also a rapidly growing area of the employee experience as businesses strive for more open workplace cultures to make it easier for people to collaborate and learn from each other. Video is the richest of the UGC formats and specialist tools like StoryTagger are being successfully adopted as part of the enterprise tech stack.

Of course, with freedom comes responsibility and every enterprise that wants to dig this rich seam of employee experience, expertise and advocacy needs to make sure they have appropriate privacy policies and GDPR management in place. Behind every piece of user-generated content is a real person for whom this content is an extension of their own personal brand and digital footprint. The success of UGC is founded on authenticity and trust so it’s essential to take a 360 approach to maintaining this during the curation and distribution process.

It might not be considered the sexiest discipline in the world but as we trust more and more of our data to the cloud, data security and the ‘right to be forgotten’ are vital factors in any user-generated content campaign. The good news is that StoryTagger takes care of this for you and we’ve now added another layer of GDPR management so you’re able to secure extra consent from creators for specific uses and channels.

What is GDPR?

GDPR protects our individual rights to personal privacy and has been a key tool in supporting user trust in marketing and business since it came into force in 2018. Whether you see it as a legal and administrative headache or an opportunity to engage your workforce and audience it helps engender trust whilst protecting individuals and business.

The GDPR sets out seven key principles which you’ll need to comply with when curating user-generated content:

  • Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality (security)
  • Accountability

For the full legal low down check out


There is no doubt that the 2018 GDPR significantly raised the importance of the issue in the UK and EU, with the regulators readily enforcing the rules for non-compliance and data breaches. But as a result of the publicity generated by the GDPR users are also now more aware than ever of their data protection rights. UGC platforms, like many others, need therefore to ensure that not only do they obtain the correct privacy and data permissions at sign-up but that they see this as a continuing obligation. As services and product features evolve so platforms need to be transparent as to the potentially changing ways in which data may be collected or used, and to obtain any new user permissions necessary.


Scott Appleton, Head of Technology, Moore Law


Why GDPR is a must have for user generated content

User-generated content is everywhere – it’s become an integral part of how we work, learn, socialise and entertain not only ourselves but also each other. People care about how they’re represented and understandably want to have control over their online profiles and assets plus know how their contribution is being used or amplified. Giving people the opportunity to confirm and revoke consent is not only a legal requirement it also builds trust. In fact, user-generated content for learning and work can make a very positive contribution to how an individual is perceived online. It gives people an opportunity to demonstrate what they’ve achieved, what challenges they’ve overcome, what they’ve learned, all to help themselves and others.

How can you support compliance as a video content curator?

Remember the video release form. It’s an old-fashioned but functional way to secure consent from individuals you’ve filmed for the right to publish their image. With UGC this can be a real headache as you won’t be there pushing a pen and paper under their nose to claim that signature. And, if you find yourself capturing media assets from a variety of different apps and devices then the whole task will become very complex and cumbersome.

Six actions to support compliance and build trust:

  1. Clearly communicate why you’re asking your people to contribute UGC, what it’s going to be used for and through what channels
  2. Understand your own company privacy policy and employee contract
  3. Make sure there is an appropriate review and approval process in place
  4. Request consent and allow people to revoke consent if situations change
  5. Have a workflow in place for deleting an individual’s user generated content when use for it has expired or consent is revoked
  6. Keep an audit trail of permissions


StoryTagger as a GDPR management tool

The good news is this is all built into StoryTagger. It has been designed to act as your GDPR management tool for user-generated video. As well as GDPR compliant T&Cs, an extension of your own company policy, you can add extra terms which act as a digital video release form built into the mobile app. Creators feel in control with their own record of consent and the ability to confirm or revoke consent if necessary.