GDPR & Justin Krause Photography
On 25th May 2018 a new data privacy law will come into effect. The EU General Data Protection Regulation (GDPR) is a complete overhaul of the legal requirements which must be met by anyone involved in handling personal data of EU citizens. The aim of the regulation is to give citizens greater control over what can be done with their personal data by businesses. This will be enforced by large fines – up to 20million Euros or 4% of a company’s global turnover – for non-compliance.
The regulation is only to be observed by organisations which employ over 250 people which implies and that many small businesses will be exempt. However, this isn’t true. A business of any size must comply if it’s involved in regular ‘processing’ of certain categories of personal data, which includes collecting and storing as well as using personal data.
Every organisation’s journey to GDPR compliance is different. It depends on, among other factors, company size, the types and amount of data it processes, and its current security and privacy measures.
Here at Justin Krause Photography, trust is the foundation of our relationship with you, our clients. Respect for privacy and security of stored images and information was built into our business from the beginning with all external hardrives and contracts being locked in safe boxes when not in use. We’ve never bought or sold customer data in the 8+ years of trading. GDPR takes us further and as a family run business who values our own privacy, we embrace it..
Your Contact Details.
We have your contact details (name and email address at a minimum and at most your home address for contracted work and age for minors) if you have gotten in touch with us in the last 3 years for Wedding, Portrait, Commercial or any other form of photography, video, graphic design or social media page management. This contact data is only used to contact you with regards to your original enquiry. Any other form of marketing contact is a breach of GDPR. Moving forward, email addresses that we have had no contact with for 18months will be deleted. Currently, we do not have an email newsletter, but if do we introduce one and you’d like to stay in touch or you would like us to keep you on our contacts list, please drop us a message via the contact form
on the our website.
Storage of images and information.
Our images are stored on local memory cards and are then transferred to encrypted, GDPR Compliant storage devices for editing and storage and are only accessible by representatives of Justin Krause Photography. For local memory cards that cannot be encrypted we follow the Information Commissioner’s Office (ICO) guidelines which you can find here
Your contact details and their security are important to us. Paperwork still accounts for many common security breaches including, but not limited to identity fraud . According to the UK’s data protection regulator, the ICO, 40% of the 598 data security incidents recorded between July and September 2016 were attributable to paper breaches. For this reason from 25th May 2018 we are going fully paperless . Existing, previous contractual agreements which were paper-based have been scanned, stored in an encrypted facility and then shredded. All new and contracts and contact information pertaining to your enquiry are stored for us to access in Dropbox. Dropbox is ISO 27018. This is the internationally recognised standard for leading practices in cloud privacy and data protection and is also inline with (EU) GDPR standards.
Our work. Your Image. Opt-In (please).
We use contracts and consent forms to undertake your photography or media needs. This means everything in black and white. When the contracts or consent forms are signed you have the opportunity to opt-in for us to use images (photographs and/or video) of you. This includes sharing images of you from your wedding or portrait session etc on our facebook or other social media pages for you to show your friends. You, however reserve the right to opt-out of this and to ask us NOT to to use your image for any of our marketing or promotional use.
With regards to images of minors (Age 16 and under) the law doesn’t necessarily require consent from children. That being said we think it’s really important that children and young people are included in the decision-making process and that their consent (or non-consent as the case may be) is respected, too. If a situation arises where a parent or legal guardian gives permission to use images while the child does not, we’ll go with what the child wants--after all, it’s their image that’s being used!
You can withdraw your consent for contact regarding your original enquiry or for use of your image or video at any time. Simply email us at firstname.lastname@example.org
and we will delete your personal contact data within 14 days.