Want your personal data to be safe?
“Do as you would be done by” is one way of stating what is known as the “Golden Rule”.
This instruction most certainly applies to protecting your own personal data, from contact information to bank account details. You want businesses from whom you’ve purchased goods and services to handle your personal info with care and consideration. Now think about it from the other direction: how do YOU respect the personal data of others who entrust you with their own sensitive material?
Just the other day, I was delivering a workshop when an artist asked why her gallery can’t share the details of people who buy her works of art. Surely it’s her right to have that information?
Nope. The acquisition of a work of art is a private transaction. Only the seller has access to the contact details of the buyer, unless the collector explicitly gives permission to share details with other parties.
It’s for this reason that if an artist or gallery wants to state a private collector’s name / name of collection under ‘Collections’ on an artist CV, it is essential to get written confirmation from the buyer or his/her representative. (Then if there’s ever any question, you can go back and show that permission was granted.)
The country where you’re living will have its own laws on ‘data protection’, and in this post, I’m referring to the way that businesses are legally obliged to store and treat data on individuals. For example: The USA has the CAN-SPAM Act of 2003. And the UK has been operating according to the Data Protection Act of 1998 for twenty years. As of 25th May 2018, the UK is upgrading to the General Data Protection Regulation (known as GDPR). According to the official website https://www.eugdpr.org/, GDPR “harmonizes privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy.”
One example of what’s changing is the way that opting in to email lists works. Instead of being legally obliged to offer an option to opt out, you must be able to show that a subscriber has opted in, in the first place. (And that’s the simple explanation!)
What’s more, GDPR applies to EU citizens regardless of their location. That means that if you’re running a business (of any size) in Australia or Nigeria, if you hold information on EU citizens and/or have EU citizens, say, signing up to your mailing list, you’ll be expected to treat them and their data according to GDPR requirements.
Following on the heels of the big reveal about how Facebook has failed to protect its users’ data, it’s clearly important to do as you would be done by when it comes to handling and holding sensitive data, such as contact info.
Regardless of where you’re located, I urge you to be vigilant about how you add people to your mailing list and how you store and protect data on clients and other contacts. From giving people the option to opt-in to your mailing list to having password-protected computers, smartphones and tablets (with unique passwords), go ahead and become proactive when it comes to managing personal data.
With the recent Facebook scandal, it wouldn’t surprise me in the least if other countries enact stricter legislation in the coming years. You might as well start getting ready, so that when change comes, it doesn’t require a massive overhauling of systems.
Be sure to keep the golden rule in mind. In this digital age, it’s not only a matter of respect, it’s a matter of urgency.
Would you like support to ensure that your business is complying with GDPR legislation by the deadline of 25th May 2018?
Regardless of your location, if you hold data on EU citizens, you’re legally required to adhere to the legislation.
We’ve teamed up with KoffeeKlatch, a company headed up by GDPR Specialist Annabel Kaye. Annabel and her team recognize that GDPR is a minefield, so have put together professional groups to provide the support needed according to your unique business needs (instead of trying to learn a lot that isn’t applicable to your own enterprise, and better yet, you’ll be given suitable solutions according to the needs of the art industry). Note that while KoffeeKlatch provides guidance, it is up to you to take necessary action to be compliant.
ARTISTS: Join the ‘GDPR for Creatives’ Group!
Deadline: Monday 2nd April
What: The KoffeeKlatch team is putting together a group of 20-30 creative professionals (if not more, depending on demand). This provides one year’s support in a dedicated Facebook group for creative professionals.
Price: £40 (plus VAT)
See details and sign-up!
ART DEALERS: Join the ‘GDPR for Art Dealers’ Group!
Deadline: Thursday 29th March
What: The KoffeeKlatch team is putting together a group of 20-30 art dealers (if not more, depending on demand). This provides one year’s support in a dedicated Facebook group for creative professionals.
Price: £40 (plus VAT)
See details and sign-up!