According to the GDPR, any subcontractor processing personal data for an organisation, and under the authority of a controller (entity who determines the means and purpose of the processing).
GDPR is based on the responsibility and accountability of any entity handing the personal data of Europeans. It holds everyone involved in a voice production workflow responsible. Subcontractors are also held accountable for compliance of samples they use and exchange. Administrative penalties could reach up to €10M or €20M, or up to 2% or 4M of global revenues. A few examples of when such sanctions could apply :
- Acting outside the lawful instructions of the client
- Not respecting data subject rights outlined by the GDPR
- Not providing access to personal data being held
- Not providing data subjects the necessary information to exercise their GDPR data protection rights
- Not informing a client a direct instruction would be a violation of European regulations
- Subcontracting without explicit authorisation by a client
From the final client to localised voice production provides, all production workflow participants must be able to ensure GDPR compliance of everyone involved in voice projects.
For example, a studio working with an artistic director who provides a casting with voice samples, names and phone numbers, must be capable of confirming: he or she has obtained the necessary authorisations for every piece of data concerning the voice actor, provided secured storage, accessibility, processed modification requests, renewed consent if necessary, of the actors’ data before sharing the data with the studio.
Disclaimer: All data and information provided in this blog post are for informational purposes only. Mediartis makes no representation as to the accuracy, completeness, timeliness or validity of the information contained in this document. We recommend that you consult a lawyer for any legal advice regarding the respect of data protection.
Share this article