Hey gang, I’m back to talk about a new law coming in in the EU and how it will affect both online artists and commissioners.
It’s called the General Data Protection Regulation (GDPR), and it affects everyone in the European Union.
It comes into effect from the 25th May 2018.
GDPR is like a newer, stricter version of data protection. You can read all about it in detail over here. But I’d wager a lot of you don’t have the time or the inclination to read vast amounts of details regarding this, so let me lay down some general info and tell you how this affects you.
In a nutshell, GDPR is a new set of rules on how data is stored and used in the EU, especially on a business front. If you’re an artist taking commissions, you have to be VERY explicit in how the personal data you are collecting from your customers is stored and handled. Personal data can be anything from emails, names, addresses (if you ship out physical products) to photographs of people (imagine if someone sends some photos as reference images, as an example).
For most of us, we’re not selling on huge amounts of data to advertising companies for an extra buck, but you now have to be EXTREMELY CLEAR about this.
So here’s what I suggest you do.
Firstly, you cannot store info of someone under 16 without parental permission from the 25th May, holy shit guys.
And this age fluctuates from country to country, please see a full list here:
If someone approaches you for a commission and you are in the EU then you need to ascertain their age, which means they’re gonna need to show you some ID. A scan of a passport or a driving license is probably going to be your best bet and people aren’t going to like this but it’s now the law and do you want to be slapped with fines and jail time?
Any information to be stored needs to be explicitly stated in regards to its use – if you don’t have a TOS maybe now is the time to write one.
I’m gonna go out on a limb and say you’re probably not selling your customer’s details on but just a little note to say that you will probably be doing the following:
Collecting emails for sending invoices and commission files to, and you may be storing them on email/PayPal accounts. Make it clear that your customers’ details will not be sent to third parties or added to mailing lists.
This should pretty much cover you on the basics. Again, you’ll need to be transparent and up front about any personal data you’re collecting. Emails. Names. Ages. Addresses. Religious deets. Anything like that. Please be 100% crystal clear with your clients as to how you’re using it and how you’re storing it. Honestly, writing a TOS and asking your clients to read it is a great way to avoid you throwing down mountains of text every time you get a commission.
Actually, I don’t think you’ll need something as extreme as a scan of a person’s driver’s license or passport. According to this article, it seems that simply asking for a person’s country and date of birth should be enough – just make sure to check what the age of consent is in their country if they’re younger than 16 – and make sure to store how you got the information from them.
As for parental consent, I don’t do commissions myself, but I’d say honestly, just avoid taking commissions from anyone below the age of consent. I mean, it sucks for everyone involved, but I don’t think the whole debit/credit card deal Microsoft is going to use will work for small businesses.
If you offer NSFW commissions, however, please check up on any extra rules there might be for adult content – I think there might be some.
Yep, you won’t need a passport or ID – if anything I’d strongly advise not to ask for those as one of the regulations is that you don’t take excessive data, just enough for the purpose.
You also need to ensure you delete any data received (including emptying your computer’s recycling bin!) as soon as it stops being relevant for you to hold it.
Finally, this isn’t just EU citizens. Anyone in the EU, or doing business with someone in the EU, MUST follow these regulations.
I know it’s pretty extreme for online artists as the laws will be more effective on larger companies, but you will still need to comply to be safe.