The privacy laws affect museums and art galleries as well. These institutions often handle personal data within the maintenance of database of their art collections, the operation of a CCTV system, the fulfilment of their duties towards employees, the online sale of tickets and the purchase or loan of artworks from private individuals. Certain personal data processing is specific for this sector. For example, in case of online sale of tickets through online ticketing software operated by an external entity, it will be necessary to clearly identify if the museum or the art gallery acts as a data controller or a data processor towards customers buying tickets online.

Due to our long-term focus on cooperation with museums and art galleries, we created a tailored-made interactive template of records of processing activities for them that will facilitate, within a short period of time, fulfilment of material obligations arising from GDPR and other laws regulating the protection of personal data. The interactive template can be used in order to comply with the notification duty towards persons whose personal data is processed as well. 

In addition to the interactive template, you will get access to our database of GDPR sample documents that can be used within your processing activities.