We are taking more and more photographs and videos every day, and with the rise in technology of smartphones it is so much easier to be a budding photographer. Events, activities either at home or out with the family; at work or a business networking event. We capture these moments on our phones and upload them to LinkedIn, Facebook, and even directly onto our own websites. Consent for photography is often something that slips our minds.

The legal implications

To be honest, it is quite a minefield. The UK’s legal position is that images and videos of individuals are clearly classed as ‘personal identity data‘. How about images taken at work events, or when you are attending a business networking event? How should these be handled?

There are no specific laws that relate to image rights. Instead, there is a mixed law which includes protecting your rights, preventing an image being used, human rights law and ‘passing off’. Complying with the data protection law is vital here. Be careful before you get your camera or smartphone out. The best way to protect yourself is to create a release form in advance. Not only will this protect you further down the line, but it is also a good practice to implement.

Think about this scenario

You may be thinking, surely the implications of not having permission to take someone’s photograph aren’t that bad?

Picture this scene. You are at a local park, and you see a group of people playing sport and you think the scene is attractive and worth capturing. You then upload this to Facebook, or a public feed. In this instance, the image would not constitute as ‘personal data’ as you are not looking to identify the individuals.

However, what if a friend, who is also an employer, sees the photo and spots one of their employees who was ‘off sick for the day’ in the picture. This could eventually lead to disciplinary procedures being implemented as the employee has taken time off under false pretenses.

Consent forms

The key is to be careful where you collect personal data, and how you plan to use it. If you are taking photographs, think about how to approach the situation. A consent for photography form is useful here.

Ensure that individuals featured within the photograph sign the consent form, and handle this as a separate issue to any prior approvals e.g. consent for contact via email.

The consent form should include the following:

  • How the images will be used
  • Where the personal data will be stored
  • That the individual must be over 16
  • Whom to contact with any questions
  • The application of the GDPR and DPA 2018


So the key tips for you to take away are:

  1. Before photographing an event, ensure you are prepared and have a release form available for people to sign (in advance).
  2. Review any release forms you have saved as templates to ensure they are up to date.
  3. Make sure you have a contract with the photographer themselves – this should cover moral rights, as well as whether you have to attribute the photographer.
  4. Ensure all photographs are stored in a safe place on your systems. Include dates and the reasons why you are entitled to ask permission. You need to be able to delete the photos in accordance with your retention policy.
  5. Only use these photographs for the specified use stated on your consent form.

We hope this has helped to explain the importance of getting consent for photography, as you never know what it could lead too (just like in the scenario above). Please feel free to contact the team if you have any questions at all.

InfoLore are available to offer support on your journey to GDPR Compliance. If you like our articles / blogs and would like to be kept up to date with GDPR and cyber security, please sign up to our newsletters. We promise not to send more than one a month, and only if we have sufficient information to impart.