What is GDPR?
The General Data Protection Regulation (GDPR) is a European privacy law that will go into effect May 25, 2018. It means that there will be stricter restrictions on how individuals and companies collect, process, store and distribute personal data of the EU citizens – regardless of locations. This new regulation also requires an individual to give consent to organizations for them to store his or her personal data, he or she can revoke this given consent at any time.
Who is affected by GDPR?
GDPR affects every organization based in the EU and/or involved in processing EU citizens' personal data. Since people in the EU can visit your site, this means your are subject to the GDPR.
What is personal data?
Under GDPR, personal data means any information relating to a specific person. For example, personal data can be a photograph of a person, name, date of birth, email address, physical address, telephone number, computer IP address, financial information and so on.
How can I prepare for GDPR?
We advise you to review your website and list where and how you collect personal data.
• Do you have a contact form? How do you use the information you collect with the contact form?
• Is the share button active? Do you export the email address from your site into another system? (e.g., a newsletter service)
• Do you collect personal data on your site using third-party services? (e.g., Google Analytics.).
• what information you collect
• why you collect that information
• who you share that information with
• any other information that GDPR requires
As a photographer, how can I prepare for GDPR?
The first couple of things you need to consider are – how you handle and store your photographs and the purpose of the photographs. If the purpose is artistic, journalistic or academic, GDPR will not apply, given that you have a precaution in place to prevent the photographs and other personal data from hacking.
If your purpose is not listed above, you need to think about your legal ground of possessing the photographs, for instance an agreement or a consent.
How does GDPR affect street photography?
The purpose of street photography is normally either artistic or journalistic. As both journalistic and artistic creation are excluded from GDPR, photography of people in the streets and the subsequent photograph processing is normally permitted given that the subsequent processing has the same purpose.
Does GDPR apply to photography retroactively?
Yes, GDPR also includes photographs (personal data) taken before the new legislation begins to apply. GDPR does not apply if you have artistic or journalistic purposes with the images.
Does GDPR affect photographs with minors?
Only if you lack an artistic or a journalistic purpose. However, in general, children's personal data is particularly protected by GDPR. If a consent is required, it must be given by the guardians if the child does not understand the meaning of the consent (the rule of thumb is children under the age of 15).
How does GDPR affect photographs taken during social occasions?
GDPR does not prevent photography in the context of mingling or other social occasions if it is done in the context of artistic creation or for journalistic purposes. Even in other cases, it may be supported by so-called interest weighting, given that they are everyday images that reveal no more than harmless personal data. An assessment in the individual case based on common sense is recommended. Similarly, it is the purpose of the use that matters.
What does consent mean?
Consent means asking the person you photograph for permission. According to GDPR, 'consent' of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. Make sure to do this in writing because it is difficult to show what is said verbally. Do not forget that the consent will apply to any processing you intend to do with the personal data.
What is Portfoliobox doing to comply with GDPR?
• We are currently reviewing how we store and use data.
• We are reviewing our Terms and Conditions to be more transparent about our use and treatment of data. These updates will be made before the GDPR takes effect.
• We are determining what product changes need to be made.
Note: This guide does not constitute legal advice.