TED Web Chat

Talk to TED

Forms, Templates & Reports
>
Forms
>
Image Consent Guidance

Image Consent Guidance

Document upload URL

Image Consent Guidance

In accordance with the UK General Data Protection Regulations (UK GDPR), obtaining and recording consent is mandatory when capturing identifiable images of individuals during engagements. Whenever possible, individual consent for images should be obtained using the attached template.

 

Valid consent must be freely given, meaning it shouldn't be coerced or under duress. It must also be specific, informed, and unambiguous, meaning individuals need to know exactly what they are consenting to. 

 

In situations where individual consent is not feasible (e.g., large events), it is essential to inform attendees that photography and/or videography will be taking place and to explain the intended use of the images. This can be achieved by displaying posters in the event space, distributing information cards, and making announcements on the day.

Departmental Procedure Notes

Each department must develop its own procedure notes, but the following guidance should be considered:

 

  • Recording consent:  GDPR requires you to keep records of consent under Article 7(1) of the regulation, which states that the data controller must be able to demonstrate that the data subject consented to the processing of their personal data.
  • Consent Form Management: Ensure all consent form templates are version-controlled, securely managed, and that employees use the most current and valid versions.
  • Logging and Retention: Completed consent forms should be appropriately logged, with retention requirements applied, and access restricted to authorised personnel. Standard retention is 3 years, but this will depend on the specific purpose.
  • Images of Children: Parental consent is required for children under 13, as stipulated by the UK Data Protection Act2018. It is necessary to identify and remove any images of children who turn13, as new consent will be required.
  • Outdated Consents: Establish a process to decommission outdated consents, applying appropriate retention requirements.
  • Managing Withdrawals and Erasure Requests: Implement processes to handle withdrawals of consent and data erasure requests from individuals.
  • Subject Access Requests: Be able to retrieve images if they are requested under SAR and assist the information governance team in complying with these requests in a timely manner.
  • Employee Training: Ensure employees understand their data protection obligations regarding the collection, management, refreshment, and processing of images and videos. Completion of mandatory Data Protection and Cyber Training is required.
  • Secure Storage: Ensure that data(photos/videos) is stored securely and that sharing is restricted to approved mediums. If images are captured on devices, they must be transferred to a secure location and removed from the device.
  • Purpose-Specific Use: Use images only for the purposes specified on the consent form. If there is a need to use the images for another purpose, inform the individual and obtain new consent. This is crucial to avoid legal issues related to image misuse.
  • Documenting Processes: Document your procedures for handling and managing image consent activities to ensure compliance and to educate current and new employees.
  • Privacy Notices: Ensure your service privacy notice reflects that you capture images as part of your processing activities. The Council’s general image privacy notice can be found HERE

For further advice please contact the Data Protection Officer:

Email: dpaofficer@tendringdc.gov.uk |Tel: 01255 686 060

Link to form
Uploaded Document file
Author:
Last updated on:
Aug 2025