GDPR and Product Data
The General Data Protection Regulation (GDPR) is an EU regulation that governs the processing of personal data. While GDPR is primarily associated with customer and employee data, it also has implications for product data management when personal data is involved.
What is the GDPR?
The GDPR (Regulation (EU) 2016/679) came into force on May 25, 2018, and applies to all organizations that process personal data of EU residents, regardless of where the organization is based.
Key principles of the GDPR:
-
Lawfulness: Personal data may only be processed if there is a legal basis
-
Purpose limitation: Data may only be used for the specific purpose it was collected for
-
Data minimization: Only the data strictly necessary for the purpose may be collected
-
Accuracy: Personal data must be kept accurate and up to date
-
Storage limitation: Data must not be kept longer than necessary
-
Security: Appropriate technical and organizational measures must protect the data
When is GDPR relevant in product data management?
In OMN and product data management, GDPR becomes relevant when product-related data includes personal information, for example:
-
Creator metadata: Images may contain IPTC/Exif metadata with the photographer’s name
-
Customer-related content: Product images showing identifiable persons (e.g. models in product photos)
-
User data in OMN: User accounts, access logs, and activity data in OMN are subject to GDPR
Practical implications for OMN users
-
Personal data embedded in asset metadata (e.g. photographer name, GPS coordinates) should be reviewed before publishing
-
Images showing identifiable persons require a consent record
-
Retention periods for assets containing personal data should be defined and enforced
-
OMN access rights should be configured to ensure that personal data is only accessible to authorized users