Tempest Photography & the GDPR

What is the GDPR?

The GDPR is the General Data Protection Regulation which will replace the Data Protection Act when it comes into force on 25th May 2018. It's purpose is to ensure that organisations have strict policies and practices in place for managing and handling personal data. In light of the coming changes in data protection regulation, we have been conducting a full audit of our processes. 

At a glance

✔ In the majority of cases, we do not store personal data about pupils that we are photographing. Exceptions and how we deal with them, are detailed below

✔ We are currently working towards being fully compliant with the GDPR by 25th May 2018

✔ If you have any questions about Tempest and the GDPR, please contact our data protection team

How does the GDPR affect school photography?

For the most part, when we take school photographs, we don't collect any personal data of the students or staff who we are photographing. Each image is assigned a random and unique identifier. This is the 10 digit reference parents see on their order forms. 

After the photographs have been taken, they are then encrypted and sent to our laboratory. The school is left a CD/USB with images contained in folders to be uploaded on to the MIS system. During this process, at no time do we link an image to any personal data, or receive any personal data about the pupils. 

If for any reason a job does require us to collect personal data, we will work within the GDPR requirements.

How does this affect schools?

In the majority of cases for school photography, we act as the data controller. We are committed to working closely with all of our schools to ensure that we assist them with GDPR compliance. If you are a school and would like to discuss this with us, please contact our data protection officer.

How does this affect parents?

If you are a parent and would like to know more about how your child's image is being linked to their school ID, please contact your school.

What happens next?

We are committed to being fully compliant with the GDPR by 25th May 2018, whilst ensuring the level of service and relationship with our clients is maintained to the highest possible standard.  We will be releasing official documentation with regards to the GDPR soon, to ensure we can be clear about our data processes and continue to work effectively with all our schools. 

If you have any further questions regarding our changes for the GDPR, please contact dataprotection@htempest.co.uk.