Consent Management for effective GDPR compliance
As an add-on to Fotoware DAM, Consent Management centralizes image consent forms, allowing users to gather, customize, and link these directly to media files, ensuring that personal data is handled appropriately and securely.
What is Consent Management in Fotoware?
Consent Management is a tool that enables you to create customized consent forms and attach these to media files. In Fotoware, Consent Management is available as an add-on to the Digital Asset Management (DAM) solution, allowing administrators to store, manage and distribute image consent forms directly from the system and linking these to media files - ensuring full transparency across the organization.
The image consent forms are highly customizable, and can be signed before, during or after an event. They can be simple, with a standard “yes or no” question, or complex, offering the opportunity to tailor the form in great detail. For example, a single consent form can include categories such as “social media”, “printed advertisement”, “digital campaigns”, etc. allowing people to consent to certain types of usage and not others.
Once a consent form is attached to a file, a visual marker clearly indicating the values presented in the form (e.g. full consent given, partial consent given, pending) is automatically added to the image. And since the markers are based on metadata, they will automatically update if a form is added to the file, revoked or replaced with another.
The Consent Management workflow
A typical image Consent Management workflow consists of three parts:
Step 1. Collecting image consent
The process of collecting image consent can be done in multiple ways, before, during or after the photos are taken. Many large organizations choose to send out image consent forms beforehand, directly through the system. This is often done via email, but another option is to generate a link or a qr-code.
For situations where image consent must be gathered ad-hoc, photographers can use the Fotoware mobile app to request consent on-site. In such cases, the person signing the form can simply scan a qr-code (that is generated then and there using the photographer’s phone) and immediately access the form.
A third option is to gather oral consent before taking the photos, and ask for the formal consent afterwards. This can be preferable if there are a lot of people being photographed, but only a few images chosen for further processing and usage. In such instances, you simply mark the files related to a specific person and request consent via email. Once signed, the images will update automatically with visual markers reflecting the values of the attached consent forms.
Step 2. Managing image consent
Once the consent is gathered, you can manage them within the system, ensuring that they are attached to the right files - and only the right files. Sometimes, if requesting consent after the images are uploaded to the system, the asset linking is already done. Otherwise, this can easily be fixed by selecting the right files and and manually attaching one or multiple image consent forms.
Learn more: Asset linking - helping you ensure efficient GDPR compliance
Step 3. Revoking or updating image consent
Oftentimes, the consent management workflow stops once the forms are attached to the correct files, but sometimes, individuals may revoke or update their consent later on. In such cases, this can easily be handled with just a couple of clicks.
If someone revokes their consent, a system administrator may simply revoke the digital form stored in the system, and all associated images will automatically be updated with new markers, clearly indicating that the consent has been revoked.
In some situations, new image consent forms may replace the old ones, for example if the form is outdated or if the person signing it wants to change their consent. This is also a simple process: all the administrator has to do, is find the original form, link the new one to the attached images and delete the old form once it’s done.
Useful functionalities for GDPR compliance
The Consent Management tool by Fotoware has many functionalities that help organizations ensure GDPR compliance and best practices for their media files. They're all incorporated into the system and can be tweaked to fit your specific needs.
Customized templates, categories, and fields
Few, if not none, other Image Consent Management tools can be customized to the same degree as the ones delivered by Fotoware. Within the system you can configure and select exactly what types of information the individuals singing the form should leave behind. For example, an organization may require people to add a predetermined identification number, functioning as a unique identifier (e.g. an employee number) for all images and forms related to the individual.
When creating a form - or template, as it’s called within the system - the administrator can customize several details, including: the terms and conditions; the company information; the categories of consent (what a person is consenting to); fields of information; what’s required and what’s optional; and the contents of the email body used when requesting consent.
This way, the image consent forms can be tailored to solve a plethora of challenges. From gathering consent for images taken during a specific photoshoot or event, to generic consents relating to all media files processed by the system.
/gdpr-report-2024-photos-employees.jpg)
Declining consent
When requesting consent from an individual, the person always has the opportunity to decline the consent with a single click. This is a central step to GDPR compliance, since it offers individuals the option to refuse the terms and conditions.
By default, the system would require individuals to leave their first name, last name and email upon declining, but this can be customized. For example, one may configure the consent forms to only ask for first and last name, or one may ask for additional information, such as phone number or employee ID.
Guardian consent
In cases where minors are photographed, the Consent Management tool allows administrators to configure the image consent forms to incorporate parental/guardian consent, instead of or in addition to, standard consent. This is a useful functionality when processing and using images where minors are present, and is easily configured on template level.
Role-based access
Just as with the DAM solution itself, role-base access control ensures that people only see what they’re supposed to. For example, while only a small group of system administrators are allowed to browse the full collection of consent forms, everyone engaging with approved marketing materials will see consent information relevant the these, knowing immediately whether the images, videos or other designs can be used for specific purposes.
Role-based access control is an essential step toward GDPR compliance, because it ensures that personal information is only presented to those with a legitimate need for it.
Watch the webinar: How to ensure full control and GDPR compliance for media files
How to succeed with Consent Management
Whether you’re new to Consent Management or have used these types of tools in the past, chances are you can streamline parts of your image consent workflows.
At Fotoware, we have a dedicated team of experts with years of experience in helping organizations manage media files in a compliant and efficient way. Typically, they'll work with the administrators to configure the system so that it fits their specific needs - whether it’s event-based image consent forms, options for guardian consent, ad-hoc consent with the mobile app, or something else entirely.
