iBase Digital Asset Management Blog


28th September 2018

DAM compliance with GDPR

Digital asset management (DAM) systems are an essential part of many businesses, storing and organising all your files and making life easier for all staff. But, with all these files being used and shared, how can you make sure your company is complying with the new GDPR (General Data Protection Regulation) legislation? Keep reading to find out whether your DAM system complies with the new rules…

What is the difference between DAM and CMS?

Who can access your files?

The primary function of the EU’s new GDPR legislation is to monitor and control how companies operating within the EU collect and use their customers’ personal data. So, it’s important that you are aware of who has access to your DAM system and can restrict access if necessary.

This is especially important if you’re dealing with sensitive files. That’s anything which discloses any personal information about either employees or individuals outside of the company.

If you have countless files containing personal information, don’t panic! Most good DAM systems allow users to control who has access to specific files to avoid data getting into the wrong hands. iBase’s digital asset system even allows users to select who can see certain metadata tags, as these often include personal data.

Does your provider comply?

There’s little point spending time and energy updating your systems in compliance with GDPR if your DAM provider doesn’t follow the same procedures. It’s important to make sure that whoever is providing the DAM system is GDPR compliant themselves – and that the hosting environment they use is protected.

DAM providers should never access your digital files or make any changes unless explicitly asked to, or if the files need to be viewed in the course of development or support. All companies should publish a GDPR statement, detailing their privacy policies. Check out iBase’s GDPR statement for more information about how we are compliant.

How secure is your system?

Of course, the first step towards improving customer safety and privacy is to ensure that your DAM system is secure and protected. If the files can be viewed by an outsider or if they are often shared freely, chances are you’re not compliant with the new GDPR rules.

First of all, anyone that appears on any of your data must have given explicit consent to be featured. You also need to present the option to remove any files at any given time, making sure that any shared files are removed too. iBase’s policy is to destroy any personal data within 5 days of request, shredding hard copies and wiping digital records.

iBase is GDPR compliant

Here at iBase, we prioritise customer satisfaction, including your privacy and protection. That’s why we have made all the necessary changes to ensure that we are not only just complaint with legislation, but that your data is completely secure. All of our systems are hosted within the Amazon AWS cloud service, which has also published a GDPR statement detailing their compliance.

We provide safe, secure and user-friendly cloud-based DAM systems, valuing not only your privacy but that of your staff, customers and clients. Take a look at our website today to find out more about how we can help your business. And please don’t hesitate to contact our friendly team with any questions or enquiries - contact us today by calling +44 1943 603636 or submit a query via our Contact Us form.

Contact Us More Details

digital asset management
Is Your Digital Asset Storage Compliant with GDPR?