What is the GDPR?
The GDPR is the General Data Protection Regulation which replaced the Data Protection Act when it came into force on 25th May 2018. It's purpose is to ensure that organisations have strict policies and practices in place for managing and handling personal data. In light of the changes in data protection regulation, we have conducted a full audit of our processes.
At a glance.
When undertaking a photographic shoot, we do not ask for, require or store any personal data about pupils, staff or any other subject that we are photographing. Each image is assigned a reference number and all our order processing is carried out using this identifier. This is the letter and number sequence found on proof cards or ordering documentation.
Order processing for the education sector.
All ordered photographs are encrypted and sent to our laboratory. Parents/carers supply us with theirs or their childs name so that we can return the sealed order back into nursery, school or pre-school with this name attached. This allows staff to hand out the orders without any confusion.
Following the delivery of orders, we do not hold or store or any personal data of any photographic subjects.
If requested, the school or pre-school is left a CD/USB with images contained in folders to be uploaded on to the MIS system. During this process, at no time do we link an image to any personal data.
If for any reason a job does require us to collect personal data, we will work within the GDPR requirements.
How does this affect schools?
In the majority of cases for school and pre-school photography, we act as the data controller. We are committed to working closely with all of our clients to ensure that we assist them with GDPR compliance. If you are an organisation and would like to discuss this with us, please use our contact options.