Data Protection Policy

David Gordon is registered with the Information Commissioner’s Office as required by the Data Protection Act 2018 and the UK General Data Protection Regulation. You can see an up to date entry confirming this by searching the ICO website at for registration number Z2179744.

Photographs of identifiable people are classed by the Data Protection Act as “personal data”  and as such professional photographers are obliged by law to register and to “process”  this data in a fair manner.

Any individual has the right to access their personal data. Should you wish to make a “subject access request” you may do so by contacting David Gordon (the “Data Controller”) by email or letter and paying a fee of £30.00. You may find more contact details at

The personal data, including sensitive personal data, processed by David Gordon is done so for journalistic, literary or artistic purposes. 

David Gordon strives to include the following principles when processing data;

  • Personal data is obtained for a specific purpose and not processed in a manner incompatible with that purpose.
  • Only sufficient and relevant personal data is processed.
  • Additional attention is made to ensure the accuracy of personal data.
  • Where required, personal data is kept secure against unauthorised access, loss or damage.

Due to the nature of the data held and its intended purpose it is not considered that it would cause any individual damage or distress should it inadvertently be disclosed. While some data may be “sensitive” it is not of the type, for example, a doctor or hospital would hold. This however does not mitigate from taking proper steps to prevent unauthorised access or disclosure.

Should David Gordon become aware of any data security breach he has procedures in place to;

  • Contain the breach and recover any data lost
  • Assess whether any breach may result in adverse consequences for individuals and the seriousness of those consequences
  • Consider notification of individuals involved and if required the police, ICO and or other bodies
  • Investigate the cause of the breach, evaluate the response and if required update policies and procedures

David Gordon is the person responsible data security management and incident control. This Policy is reviewed and updated as required at least once a year, the next date for review is June 2025.

David Gordon
June 2024