Gdpr

rocky1996

Thank you everyone a mixed point of view. We never wanted this we are just like a family this is the first time it has happened and has taken us little on the back foot. It has opened a can of worms we are now worried that at exhibitions we sell cards and paintings on the reverse is usually details of Artist eg name an e mail / website of the artist now that's technically available putting our members details out to the public does that then become a breach? As the organising group do we need some sort of signed indemnity for allowing / having this information that is being shared to the generally public as we have no control on that information its crazy.

General_Grant

rocky1996 said:

Thank you everyone a mixed point of view. We never wanted this we are just like a family this is the first time it has happened and has taken us little on the back foot. It has opened a can of worms we are now worried that at exhibitions we sell cards and paintings on the reverse is usually details of Artist eg name an e mail / website of the artist now that's technically available putting our members details out to the public does that then become a breach? As the organising group do we need some sort of signed indemnity for allowing / having this information that is being shared to the generally public as we have no control on that information its crazy.

The details surely relate to the single individual who initiated that paining or card design. 

Presumably for the cards, they have either been provided by the artist (who had control over what is printed on the reverse) or the artist approved the galleys (or whatever they are called these days) and could see the details and check they were correct.

For the paintings - presumably originals.  If not already affixed by the artist, simply provide a copy of the label you propose adding and ask if they are happy with it.

What problem do you see?

rocky1996

the cards and labels more often than not have the artists e mail along with their website. When we have someone complaining that she doesn't want any member seeing her e mail address in our closed group seems odd when all members could see it if they looked at her cards and paintings and we do all look at others works. I could go on her website today and share her contact details with all our members if I so wished which is why I see a flaw in her objection. As we hold all our members details and do not share those details are we in any way responsible if their information be displayed on their works?

ACG

Just to give you an example of our GDPR terms... We need our customers to agree that we can share their personal details with other companies. They can refuse to provide that permission, but if they do we can not move forward with them. For the obvious fact that we are mortgage brokers and we need to share their details with a mortgage lender. 

You have to agree to this persons request, but if that makes it difficult to communicate with them, thats the outcome of their request. You can change the way you communicate, but you do not have to. 

The options appear to be:
1) They set up an email address they are happy to use in the group,
2) They back down,
3) You find a way to make it work,
4) They miss out on emails.

ACG

rocky1996 said:

the cards and labels more often than not have the artists e mail along with their website. When we have someone complaining that she doesn't want any member seeing her e mail address in our closed group seems odd when all members could see it if they looked at her cards and paintings and we do all look at others works. I could go on her website today and share her contact details with all our members if I so wished which is why I see a flaw in her objection. As we hold all our members details and do not share those details are we in any way responsible if their information be displayed on their works?

You need their permission to put their name on it. 
I am not sure about their website as it is public domain. Easiest way is to put a document together that says something along the lines of we plan to use your personal date in a number of ways which includes communicating between members of the group and also providing potential customers with your details, please confirm which of the following you are happy with:

- Sharing your name/email address between members - yes/no
- Sharing your name on your art work with potential buyers - yes/no
- Sharing your email address on your artwork....
- Sharing your website on your artwork...
- Anything else. 

Also, I think you may need a data protection license (have a look at the ICO website) its £35-40 a year. 
You also need a document which states where data is held  and what data is held- so that will probably be phone numbers/name on mobile phone, email address/name on outlook/gmail whatever, address maybe? 

Its mental isnt it. I think you would be fairly safe with having the above. We have quite a bit which includes back office systems, servers etc. It took me about 2-3 weeks working through the ICO requirements for GDPR and putting it all in place. 

General_Grant

ACG said:

Just to give you an example of our GDPR terms... We need our customers to agree that we can share their personal details with other companies. They can refuse to provide that permission, but if they do we can not move forward with them. For the obvious fact that we are mortgage brokers and we need to share their details with a mortgage lender. 

You have to agree to this persons request, but if that makes it difficult to communicate with them, thats the outcome of their request. You can change the way you communicate, but you do not have to. 

The options appear to be:
1) They set up an email address they are happy to use in the group,
2) They back down,
3) You find a way to make it work,
4) They miss out on emails.

5) (actually an option under 3)) - put their address in bcc: box when writing emails to the group.

I can understand to some extent not wanting the email address to be on open display in an email going to a group.  That is because if one of the other recipients had their email account hacked, the hacker could send out emails to everyone in that person's email address book.  Not all that likely but not impossible.  (I know I've received fraudulent emails in that way.)

rocky1996

Thanks again everyone and perhaps for your own information I have spoken to the IOC office and they have confirmed this would not be seen as a data breach but did suggest a slight change on or permissions and also on sharing emails etc when exhibiting paintings and cards with the artists details on them..

TBagpuss

rocky1996 said:

the cards and labels more often than not have the artists e mail along with their website. When we have someone complaining that she doesn't want any member seeing her e mail address in our closed group seems odd when all members could see it if they looked at her cards and paintings and we do all look at others works. I could go on her website today and share her contact details with all our members if I so wished which is why I see a flaw in her objection. As we hold all our members details and do not share those details are we in any way responsible if their information be displayed on their works?

I think for your peace of mind you probably want to have some initial informatin which makes clear what happens. My understanding of GDPR is that you have to give people information about how thir data will be used so if you have a GDPR statement you can set out that the information will be used:

- to enable the group to communnate with the member and for members to communicate with each other 
- to identify the artist of works and allow potential buyers to contact the artist 
- to provide a list of members to other members


and perhaps say that by joining the group you consent to have your name,  email and website details included on cards / back of the pictures when artwork is exhibited (which may include being exhibited and the information provided oline) and to emails sent to you which may allow other members of the group to see your email .

That way, you are spelling out at the beginning what ill be shown where and if someone has a conern about that then they can riase it at the beginning (and they can then set up a differnet e-mail address, or request that their name appears in a a differnt format (e.g. initial and surname rathr than full name, for instnace0 if they have secrity or other concerns. 

I think even where someone has website or other detials publicly available they may still be ucomfortable with sharingthose in other contexts so while I understand that you didn't see it as an issue becuae it is public already, it's not wholly unreaspnable of her to be concerned. 

Maybe moving forward flag it up at the outset and that way if anyone does aobject they can either chose not to join the group, or to provide a differnet emails address. 

marmite1979

JReacher1 said:

It’s a small arts group so doesn’t sound like a big organisation and the complaint is a bit petty. I would kick her out of the group as I imagine she will be trouble going forward. 

Would you be ok if a group your part of started passing on your phone number to anyone? CC an email to others who can then see your email address is no different. Furthermore she requested that they are not to. Whether she has it on her website is her business. 
I've a colleague who's too lazy to ensure that he doesn't disclose personal contact details when CC'ing people which resulting in him forwarding documents containing the whole departments NI Numbers and payslips.

JReacher1

marmite1979 said:

JReacher1 said:

It’s a small arts group so doesn’t sound like a big organisation and the complaint is a bit petty. I would kick her out of the group as I imagine she will be trouble going forward. 

Would you be ok if a group your part of started passing on your phone number to anyone? CC an email to others who can then see your email address is no different. Furthermore she requested that they are not to. Whether she has it on her website is her business. 
I've a colleague who's too lazy to ensure that he doesn't disclose personal contact details when CC'ing people which resulting in him forwarding documents containing the whole departments NI Numbers and payslips.

Wouldn’t bother me in the slightest. It was only a few years ago that pretty much everyone’s phone number was posted through your letterbox in a phone directory. Plus anyone who is part of any WhatsApp chat group will have their phone number shared with everyone else in that group. 

As for email addresses pretty much every company you sign up for will request an email address so they’re not private. If you’re overly concerned then set up a spare email address to share with the public and keep a private one for friends and family.