The GPDR legislation for photographers has introduced important changes in the management of personal data to protect privacy, under penalty of penalties provided for by recent European legislation.
The protection of privacy today is a prominent topic that requires the utmost attention in all professional sectors. This is why it is important to keep informed and updated.
We are not always aware of the granular legislation that governs our professional field. Strange? No, very common indeed ... because we are all always caught up in something else, caught in the grip of time that passes without letting us rest. And unfortunately, it happens that something daily may escape the attention of even the most scrupulous eye.
In this article, we explain what you should observe in order not to incur penalties and problems if your profession falls within the field of photography.
Starting from 25 May 2018, the professional figure of the photographer also had to adapt to the new GDPR (General Data Protection Regulation), the European Union regulation no. 2016/679 regarding the processing of personal data and privacy.
Lovers of photography, freelance professional photographers or employees of a photo agency are all, in equal measure, called upon to comply with the new EU rules on the protection of privacy.
Even if you are not involved in photojournalism, therefore, you must know that your photo shoot (whether with a latest generation camera or with a simple mobile phone) once published and disseminated on the web, can create even very unpleasant legal consequences.
This is why it is important to "take pictures" with caution and respect the limits introduced by the privacy law.
Anyone who works or "delights" with photography must know that when you take a photo of a person's face you are dealing with, preserving (and possibly disseminating) a very important personal data, for which you officially become responsible.
In the case of minors, then, the data is even more delicate to manage.
Whether you are a professional photographer specializing in portraiture, in wedding services, advertising, fashion or one of the many other genres of the eclectic world of photography, you must consider that among the data in your possession there are also those deriving from the contractual agreements made. before the service (or, again, collected over time in your database for marketing purposes).
These data are names, residential addresses, emails, telephone numbers and other personal information. Obtained digitally and stored in paper archives or on the computer, these are personal data of customers that must be treated with great care, like the photographs that immortalize them.
If you are a documentary photographer or, specifically, a news photojournalist, you will also have to respect the ethical rules for journalists.
Here are some practical tips for joining the European Union regulation no. 2016/679 regarding the processing of personal data and privacy:
- once a service contract has been terminated and invoiced, be it a confirmation, a photographic book to an artist or other, take care to map the data processed (to be managed for any marketing operations only with explicit consent) and / or to permanently cancel not only the photos but also the personal data of the customers (telephone numbers and email addresses). After the purpose of the service, in fact, photos and data always remain under your "protection" and responsibility. Take care to also delete the faces of third parties, if visible, so as not to incur future risks.
- In addition to mapping all the data processed and eliminating those you no longer need, another piece of advice we would like to give you is to use - for any marketing operations such as sending promotional offers and newsletters - only the data of those customers who have given you their express consent to the use of personal data. Data that, in any case, over time customers should be able to rectify through easy procedures.
- The third recommendation we would like to give you, strictly connected to the second point, is to enhance all the security measures of your computer systems or your archives. In fact, it is essential to avoid theft because if someone steals data from you and even unintentionally disseminates it, you could be sanctioned for violation of privacy.
- If you are the manager of a photo agency, or even a professional photographer who uses collaborators, be sure to educate your team well on how to deal with corporate personal data, giving each member written and verifiable procedures.
An excellent idea is also to provide a system of permits to allow employees only access to the data necessary for the performance of their business.
Last but not least ... review the old contracts stored in your database - or in that of your collaborators, if they have access to them for maintenance purposes - making sure that the privacy legislation is updated to the new GDPR directives.
In these cases, in fact, privacy also includes so-called 'particular' personal data, such as those relating to health and / or criminal law.