mediartis takes the hassle out of voice sample gdpr compliance

Your production stakeholders count on your compliance. Are you ready?

Upload your voice sample casting database. We’ll take care of the GDPR details. 

Or call us at +33 (0)7 68 59 28 16 (CEST – Paris) for answers now

Mediartis Dashboard

protect final clients and yourself with gdpr-friendly castings

We help you establish a solid legal basis for processing actors personal data – 100% independent of work contracts – the EU considers this a subordinate relation.  

Mediartis Simplifies Voice Data GDPR Compliance

  • We manage: data identification and mapping; consent solicitation, recording & renewal; modification, rectification and deletion requests; and even the tricky and complex obligation of providing data subject access to their data (isolated from your other data and watermarked for added security).
  • Personal data enters workflow within 24 hours after you import to your private cloud.
  • Real time reporting of individual contact and media compliance.
  • Dashboard reporting provides a 360° vision of cloud activity and database compliancy.

Ensure Your Castings are GDPR Compliant

  • Internal production teams and external subcontractors collaborate on castings directly on your private and secure cloud.
  • Only GDPR compliant voice samples can be added to castings as an added safeguard.
  • Your medias never leave the platform – no transferring or downloads possible. 
  • Control your casting environment authorisations and workchain access to ensure your delivered castings are compliant.  
  • Deliver final castings by inviting your clients to your private casting cloud.

Why voice GDPR compliance is important for audiovisual professionals

Voice is a biometric personal data protected by EU GDPR. Voice-data (voice sample databases) is subject to complex compliance regulations.

EU GDPR is mandatory for companies working and/or subcontracting in Europe and/or handling EU residents and/or citizens’ data since May 25, 2018.

GDPR imposes strict regulations for storing and using personal data, including voice samples stored and used for castings. 

If your company has a collection of voice samples, there are mandatory GDPR obligations you need to respect for storing, using, and sharing these with your clients in castings. Learn more about your obligations here

Industries working with high volumes of voice samples include publishers, producers, ADR & dubbing professionals, digital publishers, advertising agencies, etc.

GDPR risks

Companies, subcontractors and final clients can be fined for non-compliance

Fines as high as 4% of annual global turnover or €20 Million (whichever is greater). There is a tiered approach to fines e.g. a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach or not conducting impact assessment.

Mediartis "Privacy By Design" GDPR Solution:

Alerts data subject that your company is holding and processing their voice samples and other personal data

Solicits and records explicit active user consent and consent-renewal

Records, processes and routes data modification requests

Provides reporting and statistics on GDPR compliancy of your voice data assets

Provides direct secured access to data subjects’ isolated data – watermarked for added security

Deletes data in client cloud voice databases upon user request and/or refusal of consent

Provides transparent and accurate data mapping for GDPR auditing

Provides real time GDPR compliance status for contacts + voice samples

Secures voice data with top-of-the-line technologies 

What are your GDPR obligations?

Active Consent

Rules concerning GDPR compliant consent are tighter than every. Illegible terms of use masking consent terms are no longer acceptable.  

Clearly worded, easy-to-understand, explicit consent requests that require active confirmation is what GDPR wants to see. 

Trackability and duration of consent is also enforced. The request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent.

Right to Access

GDPR exists to protect data subjects, and arms them with strictly enforced rights concerning their personal data. 

They have the right  to know who is holding their personal data, what personal data is being held specifically, for what reason, how it’s protected and being secured. 

They also have the right to access all the personal data a company is holding and using. Controllers must provide a copy of the personal data, free of charge, in an electronic format.

Right to be Forgotten

The right to be forgotten entitles data subjects to demand data controllers erase all personal data from all organisational supports. 

Obligations include stopping any further dissemination of their data, and potentially have third parties cease processing of the data.

Excellent internal communication between organisational services is critical for respecting this obligation. Centralising GDPR processing and recording is imperative. 

Data Portability

GDPR introduced data portability: a data subject’s right to receive the personal data a company holds concerning them. 

Companies must be able to provide “machine readable formats” of every element of data they possess concerning each data subject. 

Being capable of providing access to have a global overview of subject data is important. Allowing consent for specific elements helps protect the integrity of assets. 

Privacy by Design

Privacy by design calls for the inclusion of data protection from the start of the system designs, rather than an added functionality. 

More specifically, “the controller shall… implement appropriate technical and organisational measures… in an effective way… in order to meet the requirements of this Regulation and protect the rights of data subjects”.

While not every company planned ahead for GDPR, it’s urgent to adapt and get the necessary tools in place asap.

GDPR obligations concerning the handling and processing of personal data are many. We recommend visiting the European Commission official website for complete details. Following is an overview of data subjects’ personal rights enforced by the GDPR. If you have questions concerning internal data handling processes and policies in your company, we strongly recommend contacting a data protection consultant or running a data protection audit.