#GDPR Compliance For Artists & Photographers

A guide for artists and photographers detailing what you need to do to make your site GDPR compliant.

What do I need to know about GDPR?

On May 25, 2018 the General Data Protection Regulation (GDPR) will go into effect. The law aims to give citizens more control over their data and to create a uniformity of rules to enforce across the European continent. Although this law comes from the European Union (EU), it will have a global impact. It will affect any business holding personal data on customers, prospects or employees based in the EU.

To be clear, if the personal data is processed in respect to an activity or transaction within the EU territory, it is covered by GDPR. The law is one based on territory not citizenship/residency. A couple of examples:

1) A US tourist is visiting the EU and makes an online purchase at a local store. This activity is subject to GDPR.

2) An EU citizen/resident is visiting the US. They order a pizza online from a local pizza place. This activity is not subject to GDPR.

GDPR for Artists: Is Your Website Compliant?

For a full description of GDPR, read this post.

What does GDPR mean for my art business?

If your business is located in the EU, or if you have any customers, prospects or employees who reside within the EU, you need to make sure your business is set-up to handle personal data within the scope of regulations laid out in GDPR.

GDPR for ASF Merchants

Download this PDF to see the actions ASF has taken to become GDPR complaint, as well as suggested actions you should take to become GDPR-compliant.

How to Be Prepared for GDPR (customers only)

If you run into any trouble getting your site GDPR-compliant, read through this FB post and the comments. If you're still confused, post your question, comment or concern in this thread, and you'll get an answer from one of the ASF marketing experts.

What tools is ASF providing to help me become GDPR-compliant?

ASF has added a GDPR Overlay section in your Site Manager to help artists and photographers on our platform become GDPR-compliant. In this section, you can set-up a cookie consent form, that includes a link to your privacy policy, which only shows to website traffic originating from the EU. This allows complete GDPR compliance without affecting traffic from outside the EU.

Learn: Everything You Need to Know About the GDPR Overlay

Watch this video to learn about the GDPR Overlay tool and how to set it up on your site.

What steps should I take right now?

Follow these steps to make sure your site is GDPR-compliant.

  • 1
    Add a privacy policy to your site. Write a privacy policy for your art business, in simple English, that outlines what personal information you collect, how you use that personal information, what 3rd parties you share that personal information with, how someone can unsubscribe from your email list, and how someone can go about contacting you to request a record of their personal information and/or have their personal information deleted. While this information will be different for every business, you can reference the ASF Privacy Policy as an example of what this might look like.
  • 2
    Turn on the GDPR Overlay Tool. Fill in the text fields for, and turn on, the GDPR Overlay Tool provided by ASF in your Site Manager. See section above: "What tools is ASF providing to help me become GDPR-compliant?"
  • 3
    Change your Google Analytics settings. Update your Google Analytics settings to retain any data older than 26 months. Starting on May 25, 2018, any data older than 26 months will be deleted permanently on a rolling basis. Follow these directions to quickly change this setting.


Here are the answers to some of the common questions we get about GDPR.

  • 1
    Can I just copy the ASF Privacy Policy? In short, no. You can use the ASF Privacy Policy as a guide, to get an idea of what you should write in your own privacy policy, and you can even use the same outline, but you'll need to update all the info as it pertains to your own business.
  • 2
    What do I write in the text fields on the GDPR Overlay Tool? Fill in the text fields for, and turn on, the GDPR Overlay Tool, provided by ASF, in your Site Manager. See section above: "What tools is ASF providing to help me become GDPR-compliant?" and go to that article for example text you can use.
  • 3
    Where do I put my Privacy Policy? Create your Privacy Policy on a Standard Page (How to: Create a Standard Page), then link to it in your footer and add it in the "Your Privacy Policy" drop-down in the GDPR Overlay Tool.
  • 4
    Will my GDPR Overlay Tool show for everyone who visits my site? No. It will only show to visits that originate from the EU.
  • 5
    How can I test that my GDPR Overlay Tool is working? Since the GDPR Overlay Tool only shows up for site visits that originate from the EU, seeing it yourself (if you are not in the EU) will require an extra step. You can download a tool like Tunnel Bear to test your site as if you were a visitor from another country. Install the desktop application, then install the Google Chrome extension, and finally open a fresh incognito window where you will put in your site's URL address.


Although we are offering guidance on the subject of GDPR, this is not to be mistaken for legal advice. Each business is responsible for their own data protection, and we urge you to seek professional consultation and guidance, to ensure your art business is following the regulations as outlined in GDPR.

Don't Miss Our Best New Features

Subscribe below to stay up-to-date with the latest strategies and tactics for selling art online.


Sell More Art Online

If we can't teach you, no one can!