What the GDPR Means for Your Digital Content and Metadata

Richard Bamford
May 12, 2020
1 min read

Digital content is king, and it’s not going anywhere. Audiences are searching, reading, streaming, viewing, and sharing digital content like never before. For businesses and organizations, strong digital content can lead to more than just social media buzz — it can increase conversions and generate higher demand for your services.

There are growing demands for marketing departments to create and repurpose digital content for web, social, and print channels. And they’ve got their work cut out for them. While the technology landscape continues to expand and evolve, changes in legislation present a unique challenge for marketing teams. The introduction of laws like Europe's GDPR, Brazil’s Lei Geral de Proteção de Dados (LGPD), and the US State of California's 'AB 375'  are designed to protect the rights of the individual.

When you think about sensitive data online, credit card numbers, home addresses, and passwords often come to mind. However, the digital content that marketing teams and agencies publish on a regular basis can put organizations at risk of violating GDPR. In this article, we’ll explore:

  1. What does the GDPR have to do with digital content?
  2. How should you manage embedded metadata?
  3. How can you get your team on board with a digital content compliance audit?
  4. How can a digital asset management tool benefit your team?

Let’s dive in.

What Does the GDPR Have to do with Digital Content?

This legislation may seem irrelevant to digital content. After all, companies aren’t publishing social posts that reveal individuals’ browsing habits. However, the truth is that the digital content we search, consume, and share every day actually contains a tremendous amount of metadata.

Under the GDPR, an identifiable person is someone who can be identified — either directly or indirectly —by their name, an identification number, or their geolocation data.

This information could potentially be embedded within the metadata of any file shared online. While it might not be immediately visible to the human eye, these metadata could be extracted or read. The GDPR also prohibits sharing pieces of personally identifiable information (PII) which could be combined and then used to identify an individual. That’s why the details of your metadata are so important.

For example, consider a blog post on your website. This piece of content features a couple of photos taken by the author as well as some selfies that customers have snapped with your products. The imagery itself doesn’t provide any sensitive information, but the embedded metadata tells a more revealing story. Almost all digital photos are embedded with geolocation data. This means that it’s possible for someone with access to this public post to access the actual locations of the blog’s author and of the customers who volunteered their selfies, by saving and extracting metadata from these images.

Of course, the author and customers are probably totally unaware that their photos contain these metadata. Organizations and businesses are often not aware of the issue either. But just because they’re not aware of it, doesn’t excuse them from making these sensitive data public.

What can you do to prevent problems like this and ensure compliance with the GDPR?

How to Manage Embedded Metadata

The example we shared above is just one of the countless variations on a common theme. Metadata are often embedded within digital content destined for an online audience. That’s why it’s imperative to manage metadata with an eye towards eliminating slip-ups and complying with GDPR. In order to achieve this, you first need to identify and understand which assets contain metadata. Once you have this information, you can decide whether to purge all your metadata en masse or delete parts of it selectively.

When it comes to existing collections of digital images, videos, and other visual content, a good starting point would be to centralize all the content. Without a single source of truth, you won’t be able to see the full extent of the data, and a content audit will never be 100% accurate.

Once you’ve completed your content audit, you and your team can move forward in compliance, follow GDPR best practices, and know that your foundation is solid. Compliance isn’t a hand-off effort. It requires operational changes and continuous maintenance. Data should be regularly hidden, anonymized, and purged. Digital asset management (DAM) solutions can help automate a large volume of this work — and provide insight into how all assets are being used.

The first step towards compliance is taking inventory of every piece of digital content in your company. This might sound like an overwhelming task since it will require significant effort, time, and communication. And while it’s sure to be met with resistance from your team members, it is absolutely essential for moving forward.

How Do You Get Your Team to Move Forward with a Digital Content Compliance Audit?

A content compliance audit will likely be met with resistance for two reasons: prioritization and control.

Any audit is just one of many projects competing for your team’s time and resources. However, once stakeholders understand the significance of GDPR compliance, it will become clear that noncompliance poses a serious threat to your organization’s reputation and bottom line. Impress upon your team the risks of noncompliance and establish a clear project roadmap for the audit, and it will likely be deemed a much higher priority.

The second challenge for buy-in doesn’t come from the top, but rather from throughout the organization. Quite simply, it’s not always easy to persuade your team members to grant you access to all their digital content.

  • Some of your team members might not want to relinquish control of the content they’ve amassed for fear of being bypassed.
  • Others in your company might fear that the files they need will become difficult to find or lost entirely.
  • You might have some teammates who are breaking internal guidelines by storing files in incorrect locations or neglecting naming conventions — they’re worried about scrutiny.
  • Then, there are those who feel they have power over colleagues, departments, or even the organization as a whole because of their unique control and access to specific assets. They are afraid of losing this power, whether it’s real or imagined.

Fear makes people controlling. Many individuals and even teams will cling to content and assets due to concerns like these. Any resistance you encounter is entirely based in fear. Your team members’ concerns are valid, and you need to address their fears in order to move forward.

I recommend introducing the term 'content amnesty' into the conversation. Explain that this audit will be a blank slate and the first step in a process that will better support all individuals and departments. Be ready to forgive the file mismanagement and content hoarding of the past, so that you can get everyone on board with a digital content audit and plan for the future.

What Benefits Can a Digital Asset Management Tool Provide?

A digital asset management (DAM) solution provides a centralized platform that can support your content audit and ease future compliance operations.

If you want to build user confidence in asset search and retrieval, then you need to understand what you have, identify duplicates, standardize file formats, and build a common taxonomy for your digital content. An effective DAM will make this process easier and faster. And if you can show your team members how easy it is to find the digital content they need, they will be much more likely to support the project.

Once your audit is complete, you can use the DAM to ensure compliance. The right DAM will make it easy for you to locate and purge any metadata that may contain PII.

One organization keeping its image library GDPR compliant is Sustrans, a U.K. charity that encourages people to walk and cycle. They recognized that GDPR is designed to protect everyone. With over 60,000 images in their collection, Sustrans wanted to ensure that their assets were totally GDPR-compliant.

Sustrans implemented Portfolio — a powerful DAM solution — to create a single source of truth for all of their visual content. Not only has Sustrans achieved compliance with GDPR, but they have also improved day-to-day access to their digital content with Portfolio.

The Best Way to Manage Your Digital Content

Fear doesn’t have to keep you from managing your assets and being a good digital citizen. Instead of dreading the work that goes into achieving GDPR compliance, view this challenge as an opportunity.

Your organization has the potential to better understand its own operations and improve upon them. In time, you’ll find that the superior insights and clarity around all your assets and metadata will also lead to greater peace of mind and clear communication.

Don’t be afraid to be outspoken about compliance goals and achievements. By demonstrating that your organization is a trustworthy custodian of data, you can improve customer confidence in your business. Your organization can rise to the occasion and be exceptional — for your customers, your team members, and your entire community.