Does your company process European personal data? Are you or your clients operating in Europe? If so, you’ve had since May 2018 to comply with the EU GDPR or risk fines up to €20 million.
A common and dangerous oversight in the GDPR and data protection strategies of Media & Entertainment companies is the processing of voice personal data. Audio departments process and store high volumes of voice assets for dubbing & voiceover projects and they are rarely entered into structured compliance workflows.
In fact, compliance and data protection managers are often unaware this personal data is being stored and processed in-house.
1. Which Services are Processing Voice-Data?
Data protection officers are often surprised by the number of employees involved in the voice casting process. Depending on the size of an organisation, an Account Manger will assign the voice production of a project to a Project Manager, who may then assign the project to an audio localisation manager or external subcontractor.
Localisation managers will pull samples from their private casting databases, download samples from voice platforms, or request samples from colleagues to send to the Project Manager by email, who then sends the samples to the Account Manager, who in turn sends the samples to the final client in a casting proposition.
- Circulating samples are often saved by handlers, either inadvertently or for future castings
- Actors are often unaware their samples are stored in private casting databases, and while it seems obvious they would want to be referenced in these talent bases, GDPR and other data protection legislations require companies to obtain their authorisation for processing.
2. Name an "Honorary Voice-Data DPO"
Localisation professionals receive voice personal data from multiple sources and a good compliance practice is to designate one voice-data reception point, an “Honorary Voice Data DPO” to centralise the data, define and implement internal audio compliance workflows, and manage legal obligations such as:
- Requesting and recording actor autorisations
- Deleting non-authorised samples within a determined time limit
- Renewing actor authorisations following a strict calendar (usually every 2 years)
- Processing modification / rectification / deletion requests
- Renewing actor consent once requested modifications are made
- Provide actor access to personal data (samples included – subject to additional legal restrictions and data protection rights) within 30 days of requests
- Add newly acquired samples to compliance workflows
3. Define Voice-Data Policies for All Services
A good compliance practice to require all samples be routed directly to your “Honorary Voice Data DPO” for compliance processing before they’re used in production.
Producers and project managers should route all incoming voice samples to your Voice Data DPO, as well as samples collected during live castings. *Note : live casting recordings must be GDPR processed upon project completion if your audio team is keeping them for future casting projects.
Project delivery practices should be re-evaluated if your audio production teams are still delivering castings by email. Voice data is often forgotten in out boxes, and final clients are not always aware they have GDPR obligations once they reception the data and a project has finished.
Don’t forget Human Resources teams who often receive unsolicited voice samples. They should either delete upon reception or forward them to your Voice Data DPO for compliance management.
*Even if your HR department receives samples related to a specific project hiring, keep in mind the samples cannot be saved for future projects unless authorisation is obtained 100% independently of a work contract
4. Restrict Casting Database Access
Restrict data access to ensure the GDPR compliance integrity of your casting database.
For example, you might authorise all account managers, project managers and voice directors access to compliant voice assets, and limit access to media awaiting consent to only your “Honorary Voice-Data DPO”.
5. Confirm Vendor Audio Compliance
Non-compliant sub-contractors put the entire production chain at risk of fines up to €20 million or 4% of your last fiscal year, not to mention the potential damage to your brand. And while mandatory proof of voice-data compliance is becoming a standard request of key players in the Media & Entertainment localisation industry, many vendors have not yet implemented audio compliance strategies.
As published in the Reteller Magazine, October 2021 Issue – Written by Attorney Henri Leben, LEBEN AVOCATS, Paris. The voice constitutes personal data, and it
This long-awaited feature will amaze you! Now the people you share your castings with can comment on and rate samples. And with your authorisation – revocable
Webinar replay Mediartis is co-hosting a webinar with EGA (Entertainment Globalization Association) next Tuesday, October 19th at 5 PM (London) – 6PM (Paris) — 9AM
These new features simplify GDPR compliance management for both Mediartis users and talents validating their profiles and media. I. Compliance Validation after Personal Data Modification
Mediartis announced today they have joined the Entertainment Globalization Association (EGA), the leading worldwide association for audiovisual globalization, as a bronze sponsor. For several years,