Tips on How to Properly Source an Image Online & Websites that Offer High Quality CC0 Images

By Rebecca Imaizumi, Marketing Assistant, NKCC


Where do you look when you need high quality pictures for your website, blog, twitter or Facebook? The internet is filled with beautiful images. It’s easy to download them and reuse them without seeking permission from the rights holder. However, it’s important to keep in mind that the rights holder of the images you see and download from the internet may not have given permission for other users to download them for their personal or commercial use. There have been cases where users have been prosecuted for infringing copyright by using images without the copyright owners’ permission. Being prosecuted for copyright infringement could lead to fines, potentially damage your company’s reputation and even lead to losing trust from your customers. So, how do we know for sure that we have the permission to download and use images? Here are 3 tips to help you find high quality images!


Tip 1: Look for images that are labelled as “CC0” (Creative Commons 0). Never heard of CC0? Here is the definition according to

CC0“No Rights Reserved”

“CC0 enables scientists, educators, artists and other creators and owners of copyright- or database- protected content to waive those interests in their works and thereby place them as completely as possible in the public domain, so that others may freely build upon, enhance and reuse the works for any purposes without restriction under copyright or database law.” (

This indicates that the rights holder has given permission for anyone to download, use, edit for all their uses and does not require you to attribute the source. (However, it might be nice to cite the source out of courtesy and respect for the rights holder). However, there are occasionally images that state “CC0” but you come across the same image sold on another site. In that case, it could be possible that the rights holder has not given permission to others to use freely and so you would be advised not to use it.

Tip 2: A helpful tool to use is It’s a reverse image search engine which will help you determine the source of the image to make sure it is indeed CC0.

Tip 3: Here are some websites that offer free high-quality images, but the license of these images might change over time so double check to make sure they are indeed CC0 before downloading and using.


Creative, 2018. Accessed: 2 Mar, 2018. Available at:

1stimage: Dariusz Sankowski.

2ndimage: Geralt.

GDPR: What you can do now?

With just under two months until the GDPR (General Data Protection Regulation) becomes law in the UK (25 May 2018) what do we think are the key things to concentrate on now?

1. GDPR is a great opportunity for you to start your journey towards data protection compliance. It’s not a destination. This means that you can start making changes now, and continue embedding better compliance activities after 25 May.

2. Think about what personal data you are already processing, why, where you are holding it and for how long? If you don’t need it anymore – spring clean and get rid of it.

3. A retention schedule outlining timescales for holding personal data is crucial. It is likely that there will be other reasons (legal/regulatory) such as pension commitments, gift aid, tax etc that will determine for how long you need to retain personal data.

4. Don’t set an arbitrary timescale for retaining personal data because this could mean you are breaking other laws/obligations you may have to keep personal data for a specific period of time.

5. Review and amend your privacy notice. Part of your obligations under GDPR is to be clear and transparent about what you are doing with personal data and why etc?

6. Communicate your privacy notice in accessible language. Make sure your privacy notice has prominence on your website and also think of other ways you can communicate your policy on processing personal data at the point of collection. Remember that not everyone has English as a first language and your privacy notice should also take into account different levels of literacy, ages etc

7. Establish an internal procedure to deal with data breaches. You should document all data breaches, as well as ensure that data breaches with the potential to impact on the rights and freedoms of any individuals are declared to the Information Commissioner’s Office (ICO).

8. Register where you are required to do so with the ICO as a Data Controller and put in place a named Data Protection Officer (DPO).

9. Review your contracts with those who are processing your personal data. Any data processors must demonstrate compliance with the GDPR. You must pay particular attention to any data processors located outside the EU.

10. Breathe in Data Protection. Think about it from both an operational and strategic perspective. Build it into project planning, staff training and awareness. Finally, think about how you can continue your journey towards a “Privacy by Design” culture post 25 May and allocate resources and time accordingly.

Naomi Korn, Managing Director

(c) NKCC, 2018. Some Rights Reserved. This article is licensed for reuse under a Creative Commons Attribution Share Alike Licence.

New training partner – Civil Service College


NKCC will be working with the Civil Service College on a series of General Data Protection Regulation (GDPR) and Freedom of Information (FOI) training courses.

In May 2018, the GDPR will become the Data Protection Act 2018, which will increase organisational transparency and accountability in the collection and processing of personal data, as well as the rights of those whose personal data is being collected and processed. The NKCC training will help participants understand the impact of the changes, create an accurate framework to deliver their FOI obligations and ensure their existing systems meet all requirements whilst allowing participants to handle FOI requests more efficiently and increasing their knowledge of best practices

The Civil Service College is committed to providing excellent and professional training provided by the most knowledgeable people in their field and we are delighted to be working with them to provide training for those working in Government and the wider public sector.

Naomi Korn, Managing Director: “I am really excited that NKCC will be delivering training in partnership with the Civil Service College. They provide an essential role in providing members of government as well as the public sector with the best possible training and I very much look forward to working with them.”

Sonny Leong CBE, Civil Service College CEO: “We are really pleased to work alongside NKCC, one of the UK’s leading experts in copyright, data protection and licensing. Naomi Korn’s expertise in this field will be of great value to civil servants and public sector workers preparing for the changes ahead.”

For further information about the course and to book a place click here.

If you would like to contact NKCC with regards to hosting training courses, please contact Patrick Ibbotson, Project Manager


If you would like to find out more about the Civil Service College, please contact Grace, UK Account Manager, on 0208 069 9017 /


Notes for editors

For more press information please contact Patrick Ibbotson, Project Manager at NKCC on

About NKCC

NKCC is one of the UK’s leading management consultancies specialising in copyright, data protection and licensing. The NKCC team, headed up by Naomi Korn, Managing Director, brings together a wide range of specialists with the expertise and skills to support organisations comply with their copyright and compliance responsibilities, such as data protection and the new GDPR.

NKCC provides expert training and development, rights clearance and consultancy services to support organisations fulfil their legal compliance requirements.

About Civil Service College

Civil Service College provides the highest quality training to Civil Servants and Public Sector workers. We pride ourselves in having leading experts in all areas of training from Accountability and Governance to Policy Skills. Our courses are highly participatory with small group sizes allowing for meaningful interaction with our trainers. Having the right training is crucial to being effective in any role and is of critical importance to the success of our brilliant civil service.


Free copyright permission form available

Following the Copyright Essentials course that Naomi and I attended recently for Northamptonshire Heritage Forum and Museum Development East Midlands at the wonderful Aviator Hotel in Wellingborough, we are delighted to be able to offer a free copyright permission form, available here:

NKCC_Copyright Agreement_Final_with Header


We hope this will be useful to all our friends and colleagues.

This form will help your organisation formalise the process of acquiring copyright from the rights holder. It can be used when seeking a transfer of copyright or permission to reproduce items you have acquired into your collections and/or items you are planning to acquire. With subtle changes to wording, it can also be adapted to suit other content that you wish to reproduce.

Thanks to Northamptonshire Heritage Forum and Museum Development East Midlands for inviting us to run your Copyright training for you.

If you have any enquiries about our resources or if you would like Copyright or Data Protection training, please get in touch with me at

Meet Patrick Ibbotson: NKCC Project Manager

NKCC is delighted to announce that Patrick Ibbotson will be shortly joining NKCC as a full time Project Manager. Patrick will have responsibility for overseeing current NKCC projects, developing new initiatives for the company and supporting NKCC, its consultants and its Managing Director, Naomi Korn.

Patrick headshot

Patrick will be coming to NKCC from the Museum of London, where he has worked for over four years managing the relationships with donors, including corporations, trusts, foundations and individuals. Prior to the Museum of London, Patrick worked at The Big Give, an online giving platform founded by Sir Alec Reed. Patrick attended Leeds University where he studied English Literature and Philosophy, and Lille University where he spent a year with the Erasmus programme. He is a keen film fan, and produced documentaries during his time at university, one of which won a 02 Media Award. He is a lifelong fan and season ticket holder of Leeds United.

Patrick Ibbotson:  “I am really excited to now be a part of NKCC!  It’s a great company and I’m looking forward to getting to know NKCC’s clients and helping the company develop”.

Naomi Korn:  “Its great to have Patrick on board. He’s got tremendous skills and I’m confident that as part of the NKCC team, the company will continue to grow, providing the excellent services in copyright, GDPR and information law for which we are known”.

Patrick will be starting at NKCC on 12th February 2018. His first day will be spent with Naomi Korn and Professor Charles Oppenheim at the National Museums of Scotland in Edinburgh.

GDPR or Getting Data Protection Ready

By Carol Tullo, Non Exec Advisor NKCC


Christmas Day will mark the 6 month point before the new data protection regime is operational from May 25, 2018. This offered a seasonal hook for my personal reflections on data protection preparedness across a number of organisations that I have worked with and advised this year.

There are lots of countdown clocks and collected checklists available online. It can be scary. Ultimately though, data hygiene and preparation for the changes comes down to planning and confidence.  If you are responsible for data that drives your business, organisation, school or university then the loss or compromise of that data will drive a loss of confidence and, worse, loss of reputation.  Working across government, I saw departments developing robust information assurance systems and security capacity.  Government, like most institutions, is good at putting in place technical controls to manage information risk.  The weakest part of any system will be the people that use it.  Reinforcing the message that safe and secure handling of personal data is everyone’s responsibility from the senior through every level of your organisation continues to be a significant piece of learning for many.  Training offers and workshops focus on giving people confidence in identifying the risks and how to deal with them in simple stages and practical steps.

Nothing new here then?  If your organisation has been DP compliant and aware to date then you are well on the way to being GDPR compliant.  The aim is to build on the existing personal data handling but adapt it to our changing digital world.  The current Data Protection Bill places this firmly in the digital space.

A few months ago, I first heard the expression that GDPR is simply Data Protection on steroids! It is a direct way of saying it is more of the same and stronger, better, faster… to coin a phrase.  I have seen awareness taken very seriously.  Holding a data awareness month in the office, regular blog posts on intranets, internal newsletters and posters in the lifts, glossaries of terms, staff briefings and training –  just a few of the many initiatives.  Equally, I have been surprised at the lack of knowledge – still – about the need to strengthen data controls and housekeeping.  I know that in leading or attending external training events and conferences, that also reinforces messages internally and drives home personal understanding of how we expect our personal data to be managed and held.  The need for unambiguous consent and the recording of consent means that standard alerts on websites and opt out consent to cookies will no longer be fit for purpose.  If services are offered to children, then age verification and parental consent measures need to be thought about.  I have also heard comments that the threat of the Millennium Bug [ remember 31 January 1999] was a damp squib and that GDPR will be the same.  GDPR delivers a safer data environment and is a wakeup call for those that have been lax in the past.

My first starting point would be to look at your privacy policy or statement.  Don’t have one?  Then get help and advice to draft one that clearly explains what you capture or hold, for what purposes, for how long and your security measures.  Then think about how consent can be withdrawn or requests for the data held supplied.  Much is common sense.  If you do have one, then it is time for a refresh.  Use the opportunity to restate the data standards you require for your teams and colleagues to be compliant.  Data management and data privacy may not have been in Dicken’s mind in Christmas Carol but they are the skills to equip us all for our 2018 digital past, present and future.

(c) Carol Tullo, 2017.

The contents of this blog post can be shared and re-used under the terms of a Creative Commons Attribution Share Alike Licence


GDPR Top Tips

Following a series of data protection – GDPR training sessions for schools, charities and museums this month, here are my top tips.


Top Tip #1: Avoid scare-mongering about GDPR. Its a step up from current data protection laws, and there is no magic bullet. GDPR is about embedding long term systematic “privacy by design” processes and policies within organisations. There is no ICT system that solves it!

Top Tip #2: You can bring together your external compliance obligations in one place. For example, your privacy notice should clearly state why you are collecting personal data etc. It can be published online with your copyright notice which explains what your position is on copyright, and stating what users to your website can do with your content.

Top Tip #3: Being compliant with Data Protection falls within  Schools, colleges and university’s broader safe guarding responsibilities.

Top Tip #4: Data Protection laws apply to print and digital forms of personal data. Know what you have, why and where it is stored. Decide if you should keep it or not, and if so, make sure you plan how you keep it safe.

Top Tip #5: If you can’t find a legal justification for processing personal data, delete or destroy. Otherwise its your risk.

Top Tip #6: The new Data Protection laws are a great opportunity to spring clean your personal data and/or reconnect with people with whom the personal data you hold on them belongs.

Top Tip #7: Make sure you understand your obligations as a Data Controller when others are processing your personal data on your behalf. Always ensure you use robust contractual agreements between you and your data processors.

Top Tip #8: Think holistically about how you can embed “Privacy by Design” into everything you do. Your existing policies like social media, ICT & HR can usefully be amended to cover your new GDPR obligations.

Top Tip #9: Embed clear guidance about data protection into staff awareness & engagement. its everyone’s responsibility.

Top Tip #10: Map out your next steps to be complaint with GDPR in an action plan comprised of short, medium and long term actions and who will take them forward. You won’t be able to do everything at once, but you can start your journey sensibly whilst committing to long-term organisational change.

The contents of this blog post can be shared and re-used under the terms of a Creative Commons Attribution Share Alike Licence