Sprout Studio is committed to treating all data received or transferred by or for our subscribers in compliance with the new EU GDPR rules.
Sprout Studio is a studio management software that acts on your behalf as a data processor. The Sprout subscriber is the data controller and as such the primary GDPR responsibility falls on you the subscriber in relation to your end client in the EU and UK.
A copy of your client’s personal data is stored on secure servers through Sprout Studio’s third party providers. The providers are located in the USA and are certified under the EU-U.S. Privacy Shield Program.
Sprout Studios itself is based in Canada and as such we already have adequacy status, see article 45 of Regulation (EU) 2016/679
Some tips for best practices
In regard to marketing to clients, when in doubt, get fresh consent. In other words, include an opt-in for clients to check a box if you want to market to them. Implied consent is no longer acceptable. Pre-ticked checkboxes are no longer allowed.
If a client opts in to receive an information pdf on your website or landing page by giving you an email address you may only send them information on what they asked for. Be sure to always include an option to unsubscribe or opt out on all communications to a client.
In your online contracts, add a checkbox for the client to expressly give you consent to use their photos/images for your studio marketing and promotion and list anywhere you will want to use those images. (this checkbox feature already exists in Sprout)
Keeping your client’s data. You can retain client information while you are providing services to them and then for a reasonable period after that. (contract limitation is six years)
This information is not meant to be construed as legal advice. Always consult your own lawyer.
For a more in-depth article on how the GDPR will affect photographers, please check out this video!