Tumblelog by Soup.io
Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

GDPR and Online Commissions


Hey gang, I’m back to talk about a new law coming in in the EU and how it will effect both online artist and commissioners.

It’s called the General Data Protection Regulation (GDPR), and it effects everyone in the European Union. It comes into effect from the 25th May 2018.

GDPR is like a newer, stricter version of data protection. You can read all about it in detail over here. But I’d wager a lot of you don’t have the time or the inclination to read vast amounts of details regarding this so let me lay down some general info and tell you how this effects you.


In a nutshell, GDPR is a new set of rules on how data is stored and used in the EU, especially on a business front. If you’re an artist taking commissions, you have to be VERY explicit in the how the personal data you are collecting of your customers is stored and handled. Personal data can be anything from emails, names, addresses (if you ship out physical products) to photographs of people (imagine if someone send some photos as reference images, as an example).

For most of us, we’re not selling on huge amounts of data to advertising companies for an extra buck, but you now have to be EXTREMELY CLEAR about this.

So here’s what I suggest you do.



You cannot store info of someone under 16 without parental permission from the 25th May holy shit guys.

And this age fluctuates from country to country, please see a full list here:


What does this mean?

If someone approaches you for a commission and you are in the EU then you need to ascertain their age which means they gonna need to show you some ID. A scan of a passport or a driving license is probably going to be your best bet and people aren’t going to like this but it’s now the law and do you want to be slapped with fines and jail time?

Any information to be stored on needs to be explicitly stated in regards to its use - if you don’t have a TOS maybe now is the time to write one. 

I’m gonna go out on a limb and say you’re probably not selling your customer’s details on but just a little note to say that you will probably be doing the following:

Collecting emails for sending invoices and commission files to, and you may be storing on email/paypal accounts. Make it clear that your customers’ details will not be sent to third parties or added to mailing lists.

This should pretty much cover you on the basics. Again, you’ll need to be transparent and up front about any personal data you’re collecting. Emails. Names. Ages. Addresses. Religious deets. Anything like that. Please be 100% crystal clear with your clients as to how you’re using it and how you’re storing it. Honestly writing a TOS and asking your clients to read it is a great way to avoid you throwing down mountains of text every time you get a commission.

Don't be the product, buy the product!