Log in to:

Portraits - a serious GDPR issue

...and the increased use of face-detection makes it even more critical

Eikonice ensures that you always protect your employees’ privacy and provide full autonomy of their own data adhering to GDPR. We offer a GDPR compliant portrait-management system from day one

What is personal data?

Personal data is any information about an identified or identifiable person, also known as the data subject. Personal data includes portraits, which are considered biometric data.

The cost of non-compliance

Failure to comply can be a costly affair. In recent years, many fines amounting to several million euros have been issued, with Amazon topping the unflattering list with € 746,000,000.

A few others include
  • British Airways (2020) : € 22,046,000
  • notebooksbilliger.de (2021) : € 10,400,000
  • Sky Italia S.r.l. (2021) : €  3,296,326
  • Danske Bank (2022) : € 1,300,000
Right to access and right to data portability

You must ensure that individuals have the right to access their personal data, free of charge. If you receive such a request you have to provide them with a copy of the personal data being processed (in an accessible format)

In regards to portraits, this means that an employee has the right to see and download a copy of any picture, in which they are identifiable.

Right to correct and right to object

If an individual believes that their personal data is incorrect, incomplete or inaccurate, they have the right to have it rectified or completed without undue delay.

This means that any employee can demand that their corporate portrait is updated to be an accurate representation of them.

Right to erasure (right to be forgotten)

In some circumstances, an individual can ask the data controller to erase their personal data, for example if the data is no longer needed to fulfil the processing purpose.

An organisation can no longer use an image of an employee, after the employment has ended – requiring the organisation to have a complete overview of how and where portraits are used and stored.

The General Data Protection Regulation act, better known as GDPR, has defined personal data and a number of requirements for companies collecting, storing and managing personal data. Personal data is any information about an identified or identifiable person.

Portraits are considered a part of personal biometric data and categorized in the group of sensitive personal data. With the increasing use surveillance and security system, the use of face-detection systems is attracting more and more focus. It is expected that privacy around portraits will get a much higher attention when it comes to future revisions of the regulations and when companies are being GDPR autited by external companies.

Requirements for the company

With the increasing digitalization and use of portraits in many different company platforms, managing and handling employee portraits it has become much more critical for the company to comply with GDPR.

The Company has the obligation to:
  • Collect individual employee consent for the company to use their portraits on marketing material, on web-sties and in internal systems.
  • Manage change of consent from the employee during the employee journey
  • Respond to request from the employee to identify where portraits are used
  • Respond to request from the employee to delete portraits in all company systems.
  • Manage individual employee consent for the company to use their portraits on marketing material, on web-sties and in internal systems.
  • Manage change of consent from the employee during the employee journey
  • Respond to request from the employee to delete portraits in all company systems, when the employee leaves the company.
In order to be GDPR compliant the company should therefore evaluate:

Where are the portraits stored – on a local PC or a central storage? Is storage made on a shared drive where everybody has access to the individual portraits? How do the company protect privacy and avoid copying and distribution? Are the portraits stored with at filename of the person? In which systems are they used? Does the company have consent from everybody and how do you keep track of this? How is the consent list updated when a new employee start or an existing employee leave the company or the organization. When using external photographers, does the photographer have systems and processes in place to handle portraits in compliance with GDPR, from photoshoot through processing and delivery.

Many systems will have their own functionality to support the system related GDPR compliance issues, but it is a tedious and time consuming task, to keep track on portraits across different systems and in different locations.

GDPR compliance through-out the employee journey

In terms of integration, Eikonice is very flexible and can be used in a semi-automated way – and still give the company the full advantage, when it comes to GDPR compliance. Full integration means that Eikonice stays updated via the company ADD or HR system. Upload of portraits to the company website and other digital platforms is done directly. For implementation of the integrated eikonice solution we need to have a dialogue with the IT-department to understand the IT-architecture and how we optimize the use of Eikonice. But in a Semi-automated solution, Eikonice will simply act as an external support for your photo processing – and integration to Eikonice will be done through uploads from excel/csv files and bulk downloads of final portraits to your server. In this way, Eikonice will still be an important and effective tool for you creating increased efficiency and savings, in relation to your current way of working.

Contact us

Eikonice.com
Rabalderstræde 7
4000 Roskilde
Denmark

CVR: 36082909

Mail: info@eikonice.com

Visit us on social media
Facebook Instagram Linkedin

Privacy, data ownership and achieving GDPR compliance from day one

eikonice ensures that you always protect your employees’ privacy and provide full autonomy of their own data adhering to GDPR. 

Portraits are considered personal data, and with the easy tagging and filing system you can easily delete any portrait upon request. You can even have the portrait be deleted automatically when the employee no longer works at your company. 

Get in touch

We look forward to hearing from you…

Please feel free to contact us should you have any questions or inquiries.


Free e-book

Learn how to take great corporate portraits

We have gathered the most important tips and tricks in an easy-to-follow guide – dedicated to helping people who need to take great pictures of their co-workers or employees for ID-cards, newsletters or SoMe-purposes. Absolutely free.

Yes!

I’d like to get the free e-book “How to shoot a portrait like a pro”

Yes!

I’d like to know more…

Please provide your contact information and we will get back to you regarding a free webinar with a demonstration of the most efficient way to handle corporate portraits.