We manage a large number of digital assets (images and videos) containing identifiable individuals. Under GDPR, these assets are considered personal data and require proper consent management, traceability, and the ability to identify and remove or restrict usage upon request.

Currently, there is no functionality in the DAM to automatically identify individuals within assets, which makes manual compliance checks time-consuming and prone to human error.

Functional Requirements

Automatic Detection:

The DAM should automatically identify human faces in uploaded assets (images/videos).

Detected faces should be visually highlighted and optionally labeled.

Consent Linking:

Each identified individual should be linkable to a stored consent record.

If consent is revoked, related assets should be flagged or restricted from publication automatically.

Search and Reporting:

DAM users should be able to search assets containing specific individuals (based on consent ID or tag).

Generate reports on assets with missing or expired consents.

Asset Governance:

Assets with unverified or expired consent should be automatically hidden or marked as restricted for use.