July 15, 2026 · EventPix · Updated July 16, 2026
GDPR and guest photos at company events (what organizers should know)
Under GDPR, photos of identifiable people are personal data, so a company that collects and stores guest photos from its event usually acts as the data controller and needs a lawful basis — often consent or legitimate interest. In practice that means telling attendees photos are being taken, keeping the gallery private, stripping metadata, and deleting it on a set timeline.
This is a practical guide, not legal advice. For a high-stakes event, check with your DPO or a lawyer.
Do you need consent to photograph guests at a company event?
It depends on your legal basis and how the photos are used. A photo of an identifiable person is personal data, so you need one of the GDPR lawful bases — usually consent or legitimate interest.
For internal keepsakes and a shared gallery, many organizers rely on clear notice plus legitimate interest. The moment you want to use faces for marketing — an ad, a public case study, a social post — you generally need explicit, specific consent.
The safe habit is simple: tell people at the point of entry. A line on the invite, a sign at the door, and a note on the upload page ("photos may be shared in a private event gallery") give guests a real chance to opt out.
Who is the data controller for guest-uploaded photos?
Usually the organizing company. If you decide why the photos are collected and how they're used — a company gallery, a recap, a highlight reel — you're the controller, even though guests took the pictures.
A tool that hosts the gallery for you is typically a data processor acting on your instructions. That distinction matters: as controller, you're the one responsible for lawful basis, retention, and honoring deletion requests. Pick a processor that lets you delete everything on demand.
Why photo metadata (EXIF and GPS) is a hidden risk
Every phone photo carries EXIF metadata — and that often includes the exact GPS coordinates where the shot was taken, the device model, and a precise timestamp.
At a company event that can quietly leak a private venue's location, an employee's home address from a photo taken earlier that day, or a pattern of someone's movements. Under GDPR's data-minimization principle, you shouldn't hold data you don't need.
The clean fix is to strip EXIF and GPS on upload, so the stored image has no location or device trail attached. A gallery that removes metadata automatically saves you from having to scrub hundreds of files by hand.
How to keep the event gallery private and out of search engines
A guest gallery should be private by default: reachable only through the QR code or link, never indexed by Google.
Look for two things. First, no public listing — the gallery isn't crawlable and doesn't turn up in search. Second, access control — a secret link or token rather than a guessable URL. Optional moderation, where an organizer approves photos before they appear, adds another layer for sensitive corporate settings.
This keeps the collection inside the circle of people who were actually there, which is exactly what "private" should mean under GDPR.
How long should you keep guest photos, and how do you delete them?
Keep them only as long as you have a reason to. GDPR's storage-limitation principle expects a defined retention period, not "forever by default."
A practical pattern: state up front how long the gallery stays open (say, a few weeks), let people add and download photos in that window, then delete the whole set. Download the full-resolution archive as a ZIP for your records if you need it, and remove the online copy.
Being able to delete everything in one action — and to honor an individual's erasure request — is what closes the loop. If your tool can't delete on demand, it's the wrong tool for compliance.
Why a QR-code gallery helps with compliance
A QR-code photo gallery lines up neatly with GDPR habits because it bakes in the safe defaults.
- Notice at the point of upload. Guests scan and see a simple page, so it's easy to state what happens to their photos before they upload.
- Metadata stripped automatically. EXIF and GPS are removed on upload, satisfying data minimization without manual work.
- Private and unindexed. The gallery lives behind a link and isn't crawled by search engines.
- Controlled retention. You set how long it stays open and delete the whole gallery in one step.
- No accounts for guests. Nobody has to hand over an email or create a login just to add a photo — less personal data collected overall.
None of this replaces a proper privacy notice or your own legal review. But it means the tooling is working with your obligations instead of against them.
For more on collecting photos smoothly, see our guide on how to collect wedding photos from guests — the same private-by-default approach applies to any event.
Running a conference, team offsite, or client party? You can set up a private gallery for your corporate event in a minute — metadata stripped, unindexed, and yours to delete whenever you're done.