Mediartis

5 Tips to Keep Your Audio Production Teams GDPR Compliant

Does your company process European personal data? Are you or your clients operating in Europe? If so, you’ve had since May 2018 to comply with the EU GDPR or risk fines up to €20 million.

A common and dangerous oversight in the GDPR and data protection strategies of Media & Entertainment companies is the processing of voice personal data. Audio departments process and store high volumes of voice assets for dubbing & voiceover projects and they are rarely entered into structured compliance workflows.

In fact, compliance and data protection managers are often unaware this personal data is being stored and processed in-house.

1. Which Services are Processing Voice-Data?

Data protection officers are often surprised by the number of employees involved in the voice casting process. Depending on the size of an organisation, an Account Manger will assign the voice production of a project to a Project Manager, who may then assign the project to an audio localisation manager or external subcontractor.

Localisation managers will pull samples from their private casting databases, download samples from voice platforms, or request samples from colleagues to send to the Project Manager by email, who then sends the samples to the Account Manager, who in turn sends the samples to the final client in a casting proposition.

Risks:

  • Circulating samples are often saved by handlers, either inadvertently or for future castings
  • Actors are often unaware their samples are stored in private casting databases, and while it seems obvious they would want to be referenced in these talent bases, GDPR and other data protection legislations require companies to obtain their authorisation for processing. 

2. Name an "Honorary Voice-Data DPO"

Localisation professionals receive voice personal data from multiple sources and a good compliance practice is to designate one voice-data reception point, an “Honorary Voice Data DPO” to centralise the data, define and implement internal audio compliance workflows, and manage legal obligations such as: 

  • Requesting and recording actor autorisations
  • Deleting non-authorised samples within a determined time limit
  • Renewing actor authorisations following a strict calendar (usually every 2 years)
  • Processing modification / rectification / deletion requests
  • Renewing actor consent once requested modifications are made
  • Provide actor access to personal data (samples included – subject to additional legal restrictions and data protection rights) within 30 days of requests
  • Add newly acquired samples to compliance workflows

3. Define Voice-Data Policies for All Services

A good compliance practice to require all samples be routed directly to your “Honorary Voice Data DPO” for compliance processing before they’re used in production.

Producers and project managers should route all incoming voice samples to your Voice Data DPO, as well as samples collected during live castings. *Note : live casting recordings must be GDPR processed upon project completion if your audio team is keeping them for future casting projects.

Project delivery practices should be re-evaluated if your audio production teams are still delivering castings by email. Voice data is often forgotten in out boxes, and final clients are not always aware they have GDPR obligations once they reception the data and a project has finished.

Don’t forget Human Resources teams who often receive unsolicited voice samples. They should either delete upon reception or forward them to your Voice Data DPO for compliance management.

*Even if your HR department receives samples related to a specific project hiring, keep in mind the samples cannot be saved for future projects unless authorisation is obtained 100% independently of a work contract

4. Restrict Casting Database Access

Restrict data access to ensure the GDPR compliance integrity of your casting database.

For example, you might authorise all account managers, project managers and voice directors access to compliant voice assets, and limit access to media awaiting consent to only your “Honorary Voice-Data DPO”.

5. Confirm Vendor Audio Compliance

Non-compliant sub-contractors put the entire production chain at risk of fines up to €20 million or 4% of your last fiscal year, not to mention the potential damage to your brand. And while mandatory proof of voice-data compliance is becoming a standard request of key players in the Media & Entertainment localisation industry, many vendors have not yet implemented audio compliance strategies.

  More on non-compliance risks.

Share This Post

Share on facebook
Share on linkedin
Share on twitter
Share on email