( read 6 min)

How Digital Asset Management Can Help You with GDPR

By Eunbyeol Koh on April 19, 2018

You're likely hearing a lot about General Data Protection Regulation (GDPR) these days. GDPR is a new EU Regulation that will significantly enhance the protection of the personal data of EU citizens and increase the obligations on organisations who collect or process personal data.

Are you ready for GDPR?

One of the key objectives of GDPR is to empower individuals and give them control over their personal data. All individuals -  data subjects –  are given a right of access, a right to erasure, a.k.a. the right to be forgotten, a right to data portability and more under GDRP. In short, they are the owners of their personal data and get to dictate how it may be used or not.

All organizations that collect, process, or store the personal data of individuals residing in the EU have responsibilities to fulfil the request of a data subject in the context of your prospects, customers, partners and so on. This comes in effect May 25th, and penalties for violations will be significant.

To comply with the GDPR, organizations must have a clear view on their data, and be ready for the following questions as a first step:

  • What personal data do we collect?

  • Where is the data stored?

  • Why are we using the data, and do we have consent from the user?

  • Are we holding the data for any longer than is necessary?

  • Do we have procedures to modify or delete the data? 

  • Do we audit the data and keep it up-to-date?

The hidden value of Metadata

Having complete visibility over all your data assets is critical, and that’s where Digital Asset Management (DAM) comes into play. DAM enables you to embed multiple pieces of metadata into each of your files. Metadata – data about data – can be a title, a tag, a description of an image and numerous other types of information that is attached to the file and can be transported with it. Metadata plays a crucial role in meeting GDPR requirements because it provides the solution to many of the questions above, and that so many companies are struggling with.

This is how Digital Asset Management can help you with GDPR

Digital Asset Management enables you to easily find, access, and retrieve your digital assets, all from one single point of entry, across multiple devices, whether you’re in the office or not. By having full control over all the digital files, an organization will be able to respond to a data subject’s rights easily and promptly.

Remember: A file without context is just a file. By adding metadata, you can define its context, and all of a sudden that file is no longer just a file – it’s a valuable asset. This underlines the importance of quality metadata.

 “Under the GDPR, businesses are required to be able to delete all records of a user’s data – the user being either an individual or another business. To make this possible, one first needs to be able to find all the data produced by that customer. With regular cloud-based file sharing services such as Dropbox or Google Drive, which stores content in folders, sorting is often limited to modification time or date. When your only option is to search by filenames, finding those assets can be difficult. I use Dropbox for tons of things, and I love it for what it does, but a DAM is a very different thing,” says Data Processing Officer Olav Andreas Frenning at FotoWare.

LEARN MORE: How Consent Forms in FotoWare can help you ensure GDPR Compliance 

 “With a well-planned DAM that keeps track of contributors and other pertinent data as metadata tied to each asset, retrieving and deleting such data is absolutely straightforward.”

Olav Andreas Frenning, GDPR nerd at FotoWare

In addition, using a DAM as your own data repository in keeping track of your GDPR documentation is a good idea. “From my own experience with GDPR, the implementation does involve quite a lot of paperwork (albeit digital in these modern times), and often relies on the contribution of many co-workers to the documentation. In that sense, the ability to store GDPR related documentation in a central repository where we can work on it together and share updates is itself a timesaver,“ says Olav. Making the most of your FotoWare DAM solution will make it much easier to get your head around all the work that’s required to become GDPR compliant on time.

If you have any questions regarding FotoWare’s processing of personal data, please contact us at privacy@fotoware.com 


GDPR checklist for images
Is your use of images compliant with the GDPR?

Learn how to manage employee consent and manage GDPR for images.



Tags: GDPR