Many universities have extensive image archives as well as their growing library of current visual content. To comply with privacy laws, they increasingly have the need to ensure consent forms and permissions are attached to those files, so that they can safely be distributed, repurposed and reused for marketing activities.
In Europe, where GDPR came into force in 2018, marketers at universities have had to review and transition into a more robust way of managing consent. The transition for many meant a substantial reduction in personal data and whatever that data was attached to – marketing lists, video, images, and audio.
In the UK, a British version of GDPR has been announced by the government, which aims to simplify consent rules, but it’s still too early to say what impact it will have on marketing and advertising. However, for universities and schools, the need for an effective solution to house their media – with the ability to manage consent forms, privacy policies, and permissions – continues to be a crucial requirement.
Managing Consent to Optimise Media Re-use
Digital asset management resolves the issue of dislocated file storage by providing a platform on which to archive, manage, and centralise all digital files. Having a cloud-based library allows images to be keyworded, searched, and shared quickly and easily.
Additionally, digital asset management solutions like PhotoShelter for Brands have several features which are specifically designed to help with permissions, consent, and record-keeping.
As universities often take photographs of students on campus, having correct usage rights and consent is essential if they are providing the images as stock assets available to staff.
When a user logs into their DAM platform, you can require that they accept a set of terms and conditions. To avoid becoming a nuisance, once a user accepts the terms, this decision is recorded. DAM solutions, like PhotoShelter for Brands, offer the ability to set a log retention policy, so that personal data is not stored indefinitely – GDPR specifically states you must not hold data for longer than is necessary.
Attaching Consent Forms
A big part of your university’s content marketing strategy may involve tracking, highlighting, and programming events that feature accomplished alumni in your network to both encourage potential students and re-engage former students.
When photographs containing students are published on your website, like photos taken at a sports match or alumni event, you need to obtain consent from the person(s) depicted. This is generally achieved using a consent form that they sign, giving you the right to store the image.
Let’s look at an example of how this may work.
Jennifer Davis is a graduate of a university in England and she now works in Australia as a successful author and speaker. As a member of the alumni network, she keeps in touch with the university in England and often gets invited to speak at alumni events. Using PhotoShelter’s PeopleID feature, which is part of our Artificial Intelligence product suite, anyone at the university who needs to identify images of her can instantly search and check the consent status of the subjects within the images stored in your media library.
GDPR specifically states you must not hold data for longer than is necessary.
Using Metadata to Record Consent
DAM solutions are built for metadata flexibility. With PhotoShelter for Brands, you can add custom metadata fields which can be drop-downs, yes/no options, tree structures, or free text. If your media library offers a GDPR compliance package, you can use it for example to record consent, to maintain a log, or to refer to other systems. Metadata fields can be protected from editing, again helping to stop information from being changed by accident or revealed in the wrong contexts.
Using Metadata to Recall Records
In Europe, as part of the GDPR, individuals have a right to access their personal data, and when they do, metadata can be used to instantly recall specific records when data owners or ‘subjects’ request them. Individuals also have the right to have personal data erased, known as ‘the right to be forgotten.’ Being able to recall all files with the same metadata from one centralised source can make erasing data quick and simple, and ensure accuracy.
In the case of universities, which often have a large alumni network and work with former students on marketing activities, an individual may request to be removed from the media library. In the example mentioned above, Jennifer Davis may decide she no longer wishes to speak at events at the university and would like to have her record updated or removed.
Protected Content Through Permissions
To make sure content and its associated personal data is truly secure and protected, a quality DAM system will allow you to set site, folder, user role, and other organisational permissions. In PhotoShelter, every gallery and collection has customizable visibility and permissions settings which are controlled by you. These permission settings determine who can see your library’s contents.
Continuing with our university example, the administrative user of a DAM at higher education institutions can adjust the permission settings so visitors can navigate to a gallery or collection and either access the content freely or after unlocking the library using a correct password.
Content can also be embargoed or expired, watermarked and protected from forwarding to other users.
Keeping Compliant
With the rapid increase of digital content creation and large volume of exchanges of personal data, manual processes simply can’t keep pace with the expectations and obligations set out by current legislation. The collection of information about users and their habits and preferences, and automated decision-making both in public and private sectors, is rising at a dramatic rate.
In Europe, organisations and universities in particular must keep pace, or be faced with potential serious consequences and fines, so inevitably investing in technology is becoming an even bigger priority. Implementing a good digital asset management platform will continue to enable universities to meet many data protection requirements and is a clear step towards compliance with data privacy, such as GDPR.
At PhotoShelter, we’re very proud to work with some of the top universities around the world, helping them keep compliant with privacy laws and supporting their creative workflows across all their digital channels so they can share their stories. If you’d like to learn more, follow us on Twitter (@psforbrands) or join our PSB Creative Slack community.
