Do you know how to use employee photos and be GDPR compliant?
How to handle employee photos and how to obtain consent for their use in compliance with GDPR?
You certainly have photos of employees on your website or company Facebook profile. Maybe you print company newsletters, annual reports or service cards. Until recently, this was the kind of thing you wouldn't have given a second thought. But as of May, GDPR could easily get you into trouble.
The problem is out in the world before you can say GDPR
Do you have a photo of an employee posing with a smile at a company party and intend to use it for marketing purposes to promote the company or, for example, for a yearbook or intranet page? Caution! Posing alone cannot be considered consent to the use and publication of a photograph.
And now we come to the controversial points. To complicate matters, consent is not necessary for all types of photos. Nor does it need to be given in writing. According to some experts, if you ask an employee for a photo for use in, for example, an article that you then want to post on Facebook, and he or she complies, that can be considered consent. But who's to know? If you make a mistake, you pay dearly for it. The fines go up to €20 million.
Identification card with employee photo? Only with consent
If it is necessary for employees to have their photo ID cards in order to maintain workplace safety, that is of course fine. But you can't take a photo for the ID card without the employee's consent. Ideally, send the employee to a photographer or ask them to supply their own photo. You can then process the photo without the employee's consent, but you must stick to the original purpose, i.e. ensuring workplace safety. You cannot use it in a newsletter, for example, without further consent.
Do you require consent when signing an employment contract? You can't get away with that
There is no doubt that it would be great if it were possible to ask for consent to publish photographs when signing an employment contract. On this point, we have to disappoint you.
Consent to the handling of personal data must not be part of the employment contract and must not be blanket. Also be prepared that once you have managed to obtain consent, it can be withdrawn by the employee at any time.
If you are also dealing with how to handle employee photos and you are not sure if you are GDPR compliant, don't hesitate to contact us. We have specialists on our team who can help you with this issue.