Easily comply with GDPR
Easily create a register of individuals linking agreements to your images and video files. Receive warnings when agreements are nearing expiration and track where the files are being used.
GDPR module for your image bank in Mediaflow
With Mediaflow's DAM system, you can efficiently and securely manage personal data and agreements through our add-on module. Obtain consent through our digital signing service and receive alerts if files are not GDPR-compliant. With the GDPR module, you gain complete control over which files individuals appear in and how they can be used, among other features.
Digital consent
Collect new consents and image permissions via SMS, allowing recipients to sign using a verification code.
Integration with your CMS
By integrating Mediaflow with your CMS, you will automatically have a publication history and the option to automatically hide photos or videos when an associated consent has expired.
Manage image licenses and consents with our GDPR tools
The General Data Protection Regulation sets strict standards for handling personal data. With Mediaflow's GDPR module, you get access to several tools that make it easy to see which consents are given, their validity periods, and where in your marketing efforts you can use files from your image bank. Everything is smartly and intuitively designed, allowing GDPR tools to integrate into your daily workflow.
You can customize which users access these features, set their permissions, specify advanced notice for expiring agreements, and determine what actions are permitted with images that are not GDPR-compliant.
Digital and secure consent feature
You can quickly obtain consent and permission for image publication using our digital signing service.
When you initiate a request from within Mediaflow, an SMS is sent with a link to the recipient, providing an agreement for consent or a model contract that you have customized with the text. The recipient verifies all details and signs via a verification code sent via SMS or email. Mediaflow immediately stores the consent digitally, and the file in the image bank becomes GDPR-approved for use in your marketing.
Manage people and agreements
Under the GDPR tab in Mediaflow, all individuals within the system are listed, with the option to access further information about these individuals, their agreements, and the files they are associated with.
Here, you can also edit, add, or remove agreements. The list clearly indicates if someone lacks consent or has an agreement soon to expire.
Automatic facial matching for images
If facial matching is enabled, the system can suggest individuals found in images.
You will then receive a prompt to either approve or reject the connection. Please note that the technology is based on an algorithm that solely assists in identifying individuals based on data associated with your own account, and no data is shared with third parties.
What does GDPR say about photos?
1. State legal basis
There are three reasons why a file should not fall under the scope of GDPR: the file does not depict identifiable individuals, the file is historical (depicts a deceased person), or the image is artistic/journalistic. For all other files, you must specify the legal basis for storing the image. Article 6 of the General Data Protection Regulation lists the six different legal bases for storing personal data, and based on this, we have created several options to choose from for each file:
- Identifiable individuals present (consent required)
- Necessary for performing an agreement/obligation – You must store this file to fulfil your obligations under an agreement.
- Other, no consent required – When you must store the file because it “concerns you or a third party’s legitimate interests” (employee photos, marketing materials, etc.).
- External agreement exists – For images and files that, although containing personal data, are purchased via an image agreement that guarantees consent (for example from a photographer or image agency).
2. Tag individuals in the file
For the files where you indicated "Identifiable individuals present," you must provide information about the individuals in the file for the system to determine whether consent exists.
If facial matching is enabled and the file is an image, the faces of all individuals in the image will already be marked with a box labelled "Unknown." Otherwise, you must manually indicate the person's location in the image by creating a bounding box. With facial matching, you can also receive suggestions for identifying the individuals in the image. Alternatively, you can easily select an existing person from your register of individuals or add a new person if facial matching is unavailable.
3. Connect consent agreement
For a file to be considered GDPR-compliant by the system, it is necessary to specify that there is written, oral, or digital consent for all individuals in the file (unless another legal basis has been provided or it is a historical/artistic/journalistic image). Once this is done, the file will automatically become visible in various channels (if specified in the settings), such as in your Media Portals, for web editors, and in programs like Word and PowerPoint.
You can easily upload documents (such as scanned consent forms or audio recordings with consent) linked to the individuals. You can also utilize our digital signing service and consent feature to obtain digital consent.
Simple, scalable and affordable
Mediaflow is a Swedish cloud service that thousands of communicators, creators, and marketers use. Because the service is located in the cloud and easily accessible through your web browser, it also doesn't require any hardware investments, making it easy for large and small organisations to get started.