A quick easy guide to prepare for GDPR

A Simple, Quick list of GDPR Requirements for Photographers’ Websites.

With the GDPR deadline quickly approaching, have you thought about how it affects your website and what you need to do to make it compliant?

Here at Grizzly, we’re doing our best to ensure our clients know exactly what they need to do to ensure their websites are protected and compliant from a GDPR perspective.

There is so much information relating to GDPR that it’s hard to know exactly what you need to do, but we’re here to help and have done our best to collate as much information as possible for you here.



  • An overview of GDPR Rights
  • A list of advice to get your website compliant

We have put together the following information to help your website comply with the new GDPR regulations, which come into play on the 25th May 2018.


The General Data Protection Regulation focuses on how businesses use clients’ or potential clients’ data, how they process the data, store it and how long it is intended to be stored. They must also make sure that they fully inform the client providing the data what will be done with it once it has been submitted. Without express permission from the client, the business will be in breach of the new regulations. Have a read of the full rights and requirements here.

The GDPR provides the following rights for individuals:

• The right to be informed
• The right of access
• The right to rectification
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object
• Rights in relation to automated decision making and profiling.


Starting off you should be thinking about the following:

1. What processes do I currently have in place for storing clients’ information?

2. What do I do with this information after I’ve got it?

3. How long do I keep this information for, once I have it?

After thinking about these three aspects you should start to see a pattern and a data cycle which will form the basis of your privacy policy. So, the next step is to start writing a Privacy Policy incorporating all of these processes. This can then be displayed on your website to inform the client of how you will use their data once they have provided it.


The next step is to put clear messages on your site of how to find your privacy policy. Typically, a privacy policy is located in the footer of your website and often goes unnoticed, but with GDPR you’ll need to make sure clients are fully aware of where this is located and have quick links on where to find it. The most effective method is to include a link to it at the bottom of all your website contact forms, along with an unchecked checkbox asking clients to read your privacy policy and agree to it before submitting the form. We also suggest including links to your Privacy Policy at the bottom of each email you send.

With GDPR, auto opt-in is no longer an option. The client must now be fully aware of what data they are providing to any business and must themselves consent rather than it being done automatically.


Do you collect emails from your forms or hold emails from your former clients who are on your mailing list? If you answered yes, then now is the time to send an email out to each of them asking them to re-opt in should they want to remain on the mailing list. This is essential, and if they don’t want to stay on the list then their data within your marketing software should be deleted permanently.


Most of our photographer clients, at one point or another, use third-party applications such as Pixieset and ShootProof, which hold clients’ data or images. You will need to reference or contact these companies to find out what information they hold and what they do with it once they have it to ensure that they are compliant with GDPR. We have included in our Privacy Policy a special paragraph relating to our hosting.


GDPR requires that any information pertaining to a client is available to them upon request, and at any point. This should be covered as its own section within your privacy policy.


Over the last few years, Google and other major internet providers have been strongly focused on the security of websites. As of this year, Google will require all sites to have an SSL certificate in place; otherwise a website will have a red bar showing any visitors a warning stating that this website is unprotected. With this in mind, we strongly suggest that you make sure that your website has an SSL certificate in place, which will allow safe transactions of information between the client’s computer and the server. For more information regarding SSL and to make sure your site is secure, please check out our previous blog.

While we hope we have covered the basics here, we strongly recommend reading up yourselves on any official GDPR websites, such as the ICO website, as this has much more in-depth information that may be more relevant to your business.

We really hope this article has helped to better prepare you for GDPR. Good luck!
