<img src="https://ad.doubleclick.net/ddm/activity/src=10024890;type=invmedia;cat=front0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1?" width="1" height="1" alt=""> How Two of Norway’s Largest Enterprises Solved GDPR Challenges with Images
Skip to content
Customer Stories GDPR

How Two of Norway’s Largest Enterprises Solved GDPR Challenges with Images

22. April 2020

Since the GDPR was introduced in May 2018, businesses of all sizes have faced several difficult challenges to comply. For enterprise companies, these challenges are multiplied due to high numbers of employees whose personal data must be managed in accordance with the GDPR. In this article, you will learn how some of the largest enterprise businesses in Norway solved major challenges to GDPR compliance regarding the use of photos and videos of employees.


This article is based on the experiences of two of Norway's largest enterprise retail companies, with thousands of employees in various locations across the country. As Customer Engagement Manager at FotoWare, I worked closely with both companies to help them ensure GDPR compliance with their use of photos and videos of their employees.

img-blog-GDPR case study-JFE-Bettina

The Problem

One of the most difficult areas of GDPR compliance is in the use of images since photos and videos can be considered personal data. In order to be compliant in this area, an organization essentially needs to be able to find every image it possesses of a person to adhere to the GDPR Article 7 (Right to Withdraw Consent), Article 15 (Right of Access), and Article 17 (Right to Erasure). Like many businesses, these companies stored their vast libraries of images in folder structures on servers and hard drives.

If an employee (past or present) wanted to exercise their right to any of the above, the company could be required to find every image it possesses of that individual and change the usage status (eg. if consent is withdrawn) or erase those images, within 30-days of the request. This scenario would have resulted in a highly labor-intensive and demanding process, affecting multiple departments such as Marketing, Communications, and Human Resources. These departments often use employee images, both internally and externally, for a variety of initiatives including campaigns, onboarding resources, and ID cards. Previously, these companies had no effective or reliable method for carrying out such tasks.

The Challenges

Due to existing image management, there were three main challenges that each of these companies experienced, which negatively contributed to their GDPR compliance with images. 

1. No way of knowing which employees they had images of

With hundreds or thousands of employees working in different locations, it was an impossible task for the team handling these images to know or recognize each employee that was featured in these images. The sheer volume of staff alone meant there was simply no way of identifying which employee was in a photo or video, unless they knew them personally - and that's obviously not practical, reliable, or scalable.

2. Inefficient searching for images of employees

Photos and videos being stored in folder structures on severs, cloud-sync services (eg. Dropbox, OneDrive), or hard drives, meant that the process of locating specific images was incredibly time-consuming. It was heavily reliant on a select group of people who should know where to look to find them, but this was still an inefficient manual process that required back-and-forth communication and took time away from other colleagues.

3. No way to identify the consent status and usage rights of employee images

There was no way of knowing what purposes an image could be used for (eg. social media/on the website/offline or internally/externally), and whether the company still had consent to use it. This also impacted collaboration, creating additional unnecessary workload for different departments who would be unable to identify which images they could or could not use, without communicating with other colleagues.

The Solutions

FotoWare's Digital Asset Management system was able to help them solve the 3 challenges to GDPR compliance for image use, as well as enhance efficiency across other areas of the businesses.

1. Tagging every image with important information about the employee

In FotoWare, users are able to tag files with important information (metadata) which relates to the digital assets and makes them searchable. For these enterprise companies, the photos and videos of employees are uploaded and tagged with information such as the employee's first name, last name, and employee ID number. This makes it possible to keep track of who is featured in every image and enables staff to find and retrieve images of specific employees quickly and easily. As well as images, the consent form for each employee is also tagged with this information, so that it can also be retrieved easily in accordance with GDPR Article 7(1) - demonstrable proof of consent.



LEARN MORE: How to Collect and Manage Image Consent Forms in FotoWare

2. Using keyword search to quickly and easily find specific images

In contrast with searching through folder structures to find images, FotoWare enables users to find images in seconds by searching based on the metadata that has been tagged to the image. For example, users can now search for photos by name "John Smith" or employee ID number "199225". This means they can now find the exact photos they needed instantly, rather than searching through batches of images that may contain an image of a specific person.


3. Using visual markers to identify the consent status and usage rights of images

It is now possible for staff to identify whether or not an image could be used for their desired purpose, thanks to visual markers that are displayed on the preview of the photo or video. This reduced significant friction by allowing staff to work more independently and removing the need to engage in communication with other colleagues to establish whether or not they could use an image. It has freed up far more time for the marketing teams, who are typically regarded as the company 'content librarians'.

Furthermore, FotoWare's plug-ins to Microsoft Office and Adobe InDesign, also saved significant time for staff tasked with creating PowerPoint presentations and other materials. Instead of flicking between windows, they can now select their images from FotoWare within the program they are using.


FotoWare empowers organizations to be GDPR-compliant through proper use of its Digital Asset Management system, and cannot advise on any legal aspect of the GDPR. FotoWare makes no representation, warranty or guarantee of GDPR-compliance when using the product.