<img src="https://ad.doubleclick.net/ddm/activity/src=10024890;type=invmedia;cat=front0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1?" width="1" height="1" alt=""> GDPR in numbers: Using images of employees in marketing
Skip to content
Fotoware news GDPR

GDPR in numbers: Using images of employees in marketing

17. June 2024

There are many things to consider in the world of GDPR (General Data Protection Regulation). One aspect that is often forgotten is managing consent for images of people, such as employees, customers or partners. In fact, many organizations still rely on unwritten agreements when using images of employees in marketing efforts, e.g. in social media, even though these images can be classified as personal data.

Recently, Fotoware asked 350 communications- and HR professionals about how they treat images of people, and the results are in.

If you want to access the visualized report on these GDPR statistics, please do so here or see the highlights in more detail below.

GDPR consent status

Storing images of employees and stakeholders

Unsurprisingly, many organizations store images of employees. A total of 51% store images of all employees and 39% store images of some, but not all. While this may not always require written consent, the individual must be informed about their personal data being stored and their rights regarding withdrawing the consent later on.

Additionally, 70% of organizations store images of external stakeholders, such as customers or partners. While these people have the same rights as employees, they usually don’t have the same contracts, and are often in need of specific agreements related to the processing and use of the images in question.


Learn more: 5 things you should know about GDPR for images

GDPR for images in social media

Using images for marketing purposes - in compliance with the GDPR

Of the people questioned, 65% report that they sometimes use images and/or videos of employees for marketing purposes, and only 5% restrict themselves to using only visuals depicting upper management. This is a trend that has been emerging for a while, and is typically witnessed among organizations wanting a human and relatable approach, which encourage them to rely more on images of actual employees rather than generic stock photos.


Learn more: Best Practices for GDPR compliance when using photos of employees


In order to use images of private individuals for marketing purposes, one must ensure that the person is aware of this and his/her right to withdraw it later on. If, for example, one takes images of people for internal use and then later decides to use them in marketing, the recognizable individuals must be informed about this additional type of usage and their rights to withdraw their consent. However, exceptions may apply when the public representation of the company is incorporated into the employee’s contract, for example, in the case of upper management.


Learn more: How PGS ensures full control of visual assets with Fotoware

Fotoware DAM consent management request

Documenting image consent - in compliance with the GDPR

According to GDPR Article 12, the data controller “shall take appropriate measures to provide any information […] relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language […]”. In other words, people have the right to know what they are consenting to and their rights concerning the consent.

Oftentimes, this would mean that organizations would need to gather explicit consent for processing and using images of employees. While oral agreements can work for certain instances, written documentation is usually preferable, as it provides a good digital trace and is more easily referred to. For this reason, it’s surprising to see the GDPR statistics revealing that only 37% of organizations have documented explicit consent for images with private individuals.

30% claim to have an informal agreement, while a total of 32.6% are unsure of whether depicted individuals know that their images are being processed and/or used by the organization.

GDPR for photos - webinar

On-demand webinar

In this webinar, you'll discover best practices for handling images in accordance with the GDPR

GDPR Article 15. Right to access

According to GDPR Article 15, individuals have the right to obtain confirmation of whether or not their personal data - including images - is processed by an organization, the purposes of this processing, and the categories of the personal data concerned.

When asked if they would be able to easily offer individuals an overview of stored images and what type of usage that can be applied to these, only 32% of responders answered that they would be able to do this quickly. The GDPR statistics also showed that 39% of organizations would find it time-consuming to comply with such a request, while 29% of responders were unsure of whether they would be able to comply with GDPR Article 15 at all.


Learn more: Asset Linking - helping you ensure efficient GDPR compliance

Fotoware DAM consent form status

GDPR Article 17. Right to erasure

Another article to keep in mind when storing and using images of employees, is Article 17, the Right to Erasure. Also referred to as the “right to be forgotten”, Article 17 demands data controllers to delete all personal data related to a specific individual, within a reasonable time, should the person request it.

While this right comes with certain limitations (for example, specific forms of data may be deemed as crucial to business operations), most corporate images would fall under the category of standard personal data and be eligible for deletion should the data subject request this.

According to our GDPR for images research and report, only 26% of organizations are able to comply with such a request quickly and easily, and 33.7% are unsure of whether it's even possible for them to comply with Article 17.

GDPR report 2024 / Fotoware

Read the full GDPR report

In this report, you'll find key numbers related to how organizations treat their corporate images in relation to the GDPR.

How to ensure control and GDPR compliance for photos

While GDPR may be considered cumbersome by many, ensuring compliance for your images and videos doesn’t have to be. In fact, having control of media files is easy once you have the right setup in place.

At Fotoware, we have years of experience helping organizations manage files and data, and in 2021 we launched one of the market’s first built-in tools for consent management and customizable consent forms, for faster and easier GDPR-compliance. Thanks to the system’s advanced metadata capabilities, it’s also highly scalable and the optimal software for organizations storing massive amounts of visuals containing individuals.

Would you like to learn more about how to ensure control of visual assets and data? Book a meeting with one of our experts to get in touch!


GDPR Checklist for Images

Six steps to ensure GDPR-compliance for images