GDPR and Networking

GDPR (and event photography)

NTFB Blog Posts - GDPR

Photographs of people at events could be potentially considered as personal data and therefore be caught by GDPR. You might be using photographs that you take at events in print or digital media to provide information about your event or network or on social media to market your events and generate a buzz.

Taking and retaining photographs of people at events could potentially be considered as personal data (if you can identify them). Where you are sharing the name and image of a person and these are directly linked – or are capable of being linked – then the person can be identified. This will clearly be personal data and you should seek consent.

Where you are taking “situational images” you may or may not require an individuals consent.

If you are an event organiser you will, therefore, have to consider and assess the risks and consider on a case by case basis.

Do a risk assessment/audit. Is it personal data? Do you need consent or are you relying on another ground? (e.g. performance of a contract, legitimate interests). Where consent is required, ensure that you have a process for obtaining and recording consent, as well as a process for withdrawing consent. Update your privacy policy to reflect your process.

Consent on Registration

It is unlikely to be enough to include in your privacy policy embedded on your website somewhere. Instead, it is better to also include on your registration page or booking form that photography and videos may be taken at the event and that by attending you are giving your consent.

If you are identifying people by name in photograph captions – you should get their express consent (rather than rely on the boilerplate).

If a participant wishes a published image removed, you should confirm that you can be contacted and the image will be removed from the web as far as possible.

For any speakers or hosts at your events, you should ask them directly to give their permission for you to publish photographs and videos together with their name, title and company (as appropriate). As they are likely to be speaking at your event for publicity it is unlikely that they will have any issue with this and should be happy. Again, of course, you should still make it clear that they can contact you to remove an image.

Remind People that there is Photographer

If you are hosting a large event and have a photographer (or videographer) at your event specifically to photograph the event remind people that they will be around and advise them that if they do not want to be included in any photographs to step out of shot and/or let you know (or whatever is appropriate in the circumstances).

Photographs that don’t need consent

If the persons being photographed is unrecognisable, e.g. if they have their back to the camera, or they appear out of focus then their consent is not necessary. A lot of event photography for smaller events, therefore, will focus on the speakers, hosts and photographs of the room from the back or of large crowds.

You can also display notices and signs at the event to remind people that photography is being taken at the event.

Use your common sense

For networking events, it is usually the case that people are there to network and to promote themselves and their companies, therefore in most cases it would be unlikely that they would have any issues with photographs. To minimise any risks you should of course use professional and appropriate photographs of people smiling happily and just simply having a good time at the event.

Individual Rights of Action

Any individual who you do take a photograph of and “publish” can request that any photographs are removed and deleted. Even if they have given consent, they can of course withdraw their consent.

You should include contact details in your Privacy Policy so that people can easily contact you to make the request and if they make such a request – you should action it.

Nothing in this blog post is to be taken as legal advice on GDPR. It is only intended to give you points that you may need to consider. Please visit the ICO website for full information on GDPR including how to carry out your own risk assessment.

Visit our Networking Templates for some examples and our template toolkit.

Leave a Reply