GDPR is based on a logic of responsibility and accountability of all entities and individuals processing European personal data. GDPR considers every stakeholder in the production chain co-responsible for the compliance of a project, subcontractors (vendors) included.
Under GDPR, any entity or person is considered a subcontractor if processing personal data on behalf of, on the instruction of, and under the authority of a data controller (entity or individual who determines the means and purpose of processing).
Subcontractors (vendors) are responsible for the compliance of voice assets used and shared during the casting process. Live casting samples made for a specific casting may be covered by contracts for use during the casting phase, however, samples pulled from casting databases are subject to compliance processing. It’s important to note that live casting samples added to databases for future projects must be entered into compliance processing, and actor consent cannot be acquired in relation to the original project contract.
From the final client to localised dubbing & voiceover suppliers, GDPR requires all project stakeholders be able to ensure the GDPR compliance of everyone involved in a voice production project.
For example, a company working with an external studio or voice director who provides castings, voice samples, actor names, phone numbers, etc., must be able to ensure the supplier has obtained all necessary permissions and processed all actor data in compliance with GDPR before they accept data from the supplier. Once the casting phase is finished, the company who contracted the studio must either delete the personal data from all supports, or enter the data into compliance processing. Data security and transfer regulations must also be considered when auditing partner compliance.
As GDPR non-compliance penalties can reach up to €10M or €20M, or up to 2% or 4% of global revenues, compliance of the entire casting work chain is critical.
For more detailed information, please visit the European Commission website.
Disclaimer: All data and information provided in this blog post are for informational purposes only. Mediartis makes no representation as to the accuracy, completeness, timeliness or validity of the information contained in this document. We recommend consulting with a DPO or privacy counsel regarding your specific data protection legislation obligations.
Share this article
