6 December 2019
The importance of data protection to artists
By Naomi Korn Associates
General Data Protection Regulation (GDPR)
It has been over a year since the General Data Protection Regulation (GDPR) was transposed into legislation across EEA member countries and in the UK as the Data Protection Act 2018. The Act confirms data management as vital, both in terms of commercial strategy of businesses and safeguarding data as something that is personal and not something which is vague and disposable. When processing data we are processing the details of a person’s life and so care should be given as if the details are our own.
How is personal data defined in UK law?
In UK law we define personal data as: “any information relating to an identified or identifiable natural person in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”. https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/what-is-personal-data/what-is-personal-data/
How to comply with Date Protection laws as an artist working as a sole trader or a small business
Individual artists working as sole traders or small businesses who handle personal data must comply with the law. Here are our top tips:
- Understanding what is personally identifiable data is paramount. This includes the collection of names and addresses, contact details including business emails etc.
- A privacy statement should be published on a website to communicate how personal data is processed.
- It is vital to keep a record of how information is handled. This is a basic part of day to day business. It does not have to be onerous or a chore but a key element in managing other’s information with respect and showing that it matters to you. Reputations for good service are built on this.
- Data protection issues will affect all types of carriers of personal data – not just digital. This will include paper records, photographs, sound recordings, films etc.
- Rights and privacy know-how nearly always means contract know-how too. Putting in place robust contracts with third parties and/or making sure you understand what you are signing is crucial for ensuring compliance.
- Not all data breaches need to be declared to the ICO, but it is vital that no matter what, you have sensible data breach policies in place to record any that happen. Breaches to be declared to the ICO include any loss or theft of personal data that could potentially cause harm or distress to the individual concerned.
Know the facts about Data Protection
- There is lots of over reaction to the new laws. Ignore instructions such as “all personal data must be deleted from emails”, “you must delete someone’s records if they have not responded to your requests to confirm twice”, “you must delete all records of people who have resigned”, “delete all electronic records, but manual records are OK”, “you must always ask for permission before you can hold someone’s personal data”. These and many more are nonsense.
- Data Protection laws apply to print and digital forms of personal data. Know what you have, why and where it is stored. Decide if you should keep it or not, and if so, make sure you plan how you keep it safe.
- Get the facts about when you may process, i.e., obtain, record, manage, structure, store, amend or delete, or disseminate personal data. The reasons can be found here https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/
Naomi Korn Associates provides public training sessions and consultancy relating to all things data protection. If you would like to find out more please contact firstname.lastname@example.org
This blog was originally written for the Royal Society of Sculptors.
© Naomi Korn Associates, 2019. Some Rights Reserved. The text is licensed for use under a Creative Commons Attribution Share Alike Licence (CC BY SA)