Easily comply with GDPR
Easily create a register of individuals linking agreements to your images and video files. Receive warnings when agreements are nearing expiration and track where the files are being used.
GDPR module for your image bank in Mediaflow
With Mediaflow's DAM system, you can efficiently and securely manage personal data and agreements through our add-on module. Obtain consent through our digital signing service and receive alerts if files are not GDPR-compliant. With the GDPR module, you gain complete control over which files individuals appear in and how they can be used, among other features.
Digital consent
Collect new consents and image permissions via SMS, allowing recipients to sign using BankID or a verification code.
Integration with your CMS
By integrating Mediaflow with your CMS, you will automatically have a publication history and the option to automatically hide photos or videos when an associated consent has expired.
Manage image licenses and consents with our GDPR tools
The General Data Protection Regulation places high demands on the handling of personal data. With Mediaflow's GDPR module, you gain access to several tools that make it easy to see which consents are in place, their validity periods, and where in your marketing efforts you can use files from your image bank. Everything is intelligently and intuitively designed, so GDPR tools seamlessly integrate into your daily workflow.
You have the flexibility to configure which of your users can access these functions, define their permissions, set the advance notice for expiring agreements, and specify what actions are allowed with images that are not GDPR-compliant. The connection to Media Portals and the integration with CMS automatically hide files on your web pages when their consent agreements expire.
Digital and secure consent feature
You can quickly obtain consent and permission for image publication using our digital signing service.
When you initiate a request from within Mediaflow, an SMS is sent with a link to the recipient, providing an agreement for consent or a model contract that you have customized with the text. The recipient verifies all details and signs via a verification code sent via SMS or email. Mediaflow immediately stores the consent digitally, and the file in the image bank becomes GDPR-approved for use in your marketing.
Manage people and agreements
Under the GDPR tab in Mediaflow, all individuals within the system are listed, with the option to access further information about these individuals, their agreements, and the files they are associated with.
Here, you can also edit, add, or remove agreements. The list clearly indicates if someone lacks consent or has an agreement soon to expire.
Automatic facial matching for images
If facial matching is enabled, the system can suggest individuals found in images.
You will then receive a prompt to either approve or reject the connection. Please note that the technology is based on an algorithm that solely assists in identifying individuals based on data associated with your own account, and no data is shared with third parties.
What does GDPR say about photos?
1. State legal basis
There are three reasons why a file should not fall under the scope of GDPR: the file does not depict identifiable individuals, the file is historical (depicts a deceased person), or the image is artistic/journalistic. For all other files, you must specify the legal basis for storing the image. Article 6 of the General Data Protection Regulation lists the six different legal bases for storing personal data, and based on this, we have created several options to choose from for each file:
- Identifiable individuals present (consent required)
- Necessary for performing an agreement/obligation – You must store this file to fulfil your obligations under an agreement.
- Other, no consent required – When you must store the file because it “concerns you or a third party’s legitimate interests” (employee photos, marketing materials, etc.).
- External agreement exists – For images and files that, although containing personal data, are purchased via an image agreement that guarantees consent (for example from a photographer or image agency).
2. Tag individuals in the file
For the files where you indicated "Identifiable individuals present," you must provide information about the individuals in the file for the system to determine whether consent exists.
If facial matching is enabled and the file is an image, the faces of all individuals in the image will already be marked with a box labelled "Unknown." Otherwise, you must manually indicate the person's location in the image by creating a bounding box. With facial matching, you can also receive suggestions for identifying the individuals in the image. Alternatively, you can easily select an existing person from your register of individuals or add a new person if facial matching is unavailable.
3. Connect consent agreement
For a file to be considered GDPR-compliant by the system, it is necessary to specify that there is written, oral, or digital consent for all individuals in the file (unless another legal basis has been provided or it is a historical/artistic/journalistic image). Once this is done, the file will automatically become visible in various channels (if specified in the settings), such as in your Media Portals, for web editors, and in programs like Word and PowerPoint.
You can easily upload documents (such as scanned consent forms or audio recordings with consent) linked to the individuals. You can also utilize our digital signing service and consent feature to obtain digital consent.
Simple, scalable and affordable
Mediaflow is a Swedish cloud service that thousands of communicators, creators, and marketers use. Because the service is in the cloud and easily accessible through your web browser, it also doesn't require any hardware investments, making it easy for large and small organizations to get started.