✓ Link copied
DPDPA 2023 Compliance

Corporate Event Photography Consent: Section 5 Notice Template

14 May 2026 · DPDPAReady Editorial · ~5 MIN READ
Applies toCorporate Events & HR operating in India
Primary lawDPDPA 2023 · Section 5
Penalty ceiling₹50 crore per violation
Enforcement statusData Protection Board accepting complaints — May 2026
SourceDPDPAReady Compliance Team

The Section 5 Gap Your HR Team Is Missing

Your company’s Coorg offsite photographer has snapped 400 employee candids. Your Diwali party posted 15 videos to the company intranet. Your annual award night featured real-time LinkedIn updates with face shots of winners. None of these happened with Section 5 notice — the mandatory written disclosure that must reach every data subject before the camera rolls.

Section 5 of the DPDPA requires that you inform individuals about:

  • What personal data you’re collecting (faces, names, positions)
  • How you’ll process it (store, edit, post to LinkedIn, share with HR systems)
  • Whether you’re using it for facial recognition, emotion analysis, or attendance tracking
  • Who has access to the images
  • How long you’ll keep them
  • Their rights to withdraw consent or request deletion
  • Your identity as the data controller

Without a signed, timestamped notice, every photograph is a violation. One complaint from one employee = one ₹50 crore exposure.

What a Compliant Corporate Event Photography Notice Must Include

1. Purpose Statement Explicitly state why you’re photographing: “to document team engagement,” “for internal HR records,” “for LinkedIn company page promotion,” or “for annual report archives.” Vague purposes invite challenges.

2. Scope of Processing Define exactly which visual data you collect: face photos only, full-body shots, audio-video, metadata (timestamp, location). Do not photograph without listing what you’ll capture.

3. Use Cases (All of Them) List every place the image will appear: HR systems (Zoho People, HRIS), company intranet, LinkedIn, printed reports, team emails, third-party cloud storage, or deletion after 6 months. If you might use it later for something new, you must get consent for that use case upfront.

4. Third-Party Sharing Disclose if photographers are contractors, if images go to external event companies, or if cloud providers (AWS, Google Drive) store the files. Name the processors.

5. Retention Period State exactly how long you keep images: “30 days post-event,” “until employee leaves company,” or “permanently archived.” No vagueness.

6. Rights Statement Confirm that the individual can refuse to be photographed, ask for deletion, or request a copy of their image. This is not optional.

7. Data Controller Identity Name the HR team, event organiser, or company. Include email for questions.

The Template

Use this template as your Section 5 notice before your next corporate event. Customize the bracketed fields with your company details.

NOTICE — PHOTOGRAPHY & VISUAL DATA COLLECTION
[Event Name / Date]

Dear [Employee/Attendee],

This event will involve photography. Before you enter, please read this notice.

WHO WE ARE
Data Controller: [Your Company Name], represented by [HR Manager/Event Lead], [email@company.com].

WHAT WE COLLECT
We will photograph and/or video-record your face, name, job title, and appearance during this event. This may include candid shots, group photos, or video clips. All photographs are considered personal data under India’s Digital Personal Data Protection Act, 2023.

HOW WE USE IT
Your images will be used for:

  • Storage in company HR systems (Zoho People, internal HRIS)
  • Posting on company LinkedIn page
  • Sharing in internal emails, team Slack/Teams channels
  • Internal annual reports or printed materials
  • Company website “About Us” or careers page
  • Event documentation archives (retained for [X years])
  • Other: [specify]

We will NOT use your image for facial recognition, emotion analysis, or any automated decision-making without separate consent.

WHO SEES IT
Your images may be accessed by:

  • [Company HR Department]
  • [External photographers: name/company]
  • [Cloud storage provider: AWS/Google Drive/other]
  • [LinkedIn audience: Public / Company followers only]
  • [Other: specify]

HOW LONG WE KEEP IT
Images will be retained for [30 days / 1 year / until you leave the company / permanently] and then deleted or archived.

YOUR RIGHTS

  • You can refuse to be photographed. Photographers will respect a “Do Not Photo” badge.
  • You can request a copy of images containing you.
  • You can request deletion of your images up to [X days] after the event.
  • You can lodge a complaint with India’s Data Protection Board.

Contact: [Email/Phone]

CONSENT
I have read this notice and consent to photography on the terms above.

Name (Print): ______________________
Signature: ______________________
Date: ______________________
Employee ID (if applicable): ______________________

Non-Consent Option
I do NOT consent to photography at this event. I understand this may affect participation in group photos or internal documentation.

Name (Print): ______________________
Signature: ______________________
Date: ______________________

How to Deploy This

Timing
Distribute this notice at least 48 hours before the event — via email, printed handout, or Slack/Teams announcement. Do not photograph anyone until they have signed or digitally acknowledged it.

Signature Collection

  • For in-person events (Coorg offsite, Diwali party, annual award night): Print the notice, have attendees sign on arrival. Photograph the signed form for your records.
  • For virtual/hybrid events (town halls, LinkedIn Live coverage): Send via email with “I Agree” button (Typeform, Google Forms, or embedded e-signature). Log timestamps.
  • For last-minute photography: If you cannot pre-collect signatures, stop photographing and get verbal consent on video: “Do you consent to photography for [use case]?” Record their response.

Storage
Store signed notices in a secure folder (not public shared drives) with employee name and date. Link to the photo folder in your records system (HRIS or HR audit trail).

If Someone Refuses

  • Do not photograph them.
  • Do not pressure them.
  • If they appear in a group shot by accident, pixelate their face or crop them out before posting.
  • Document the refusal (note in consent log: “Jane Doe — no consent — 14 May 2026”).

After the Event

  • Send a follow-up email within 3 days confirming where images have been posted and how to request deletion.
  • Honor any deletion requests within 7 days.

What Happens Without This Document

Your HR team assumes verbal consent or a company-wide calendar invite counts. It doesn’t — Section 5 requires written notice before collection.

Scenario: Annual Award Night — May 2026

Your marketing team live-posts to LinkedIn: “Celebrating [Employee Name]‘s 5-year achievement! 🎉” — with a high-res face photo. No consent notice was circulated. One employee reports this to the Data Protection Board.

Tier 1 — Single Complaint
Data Protection Board orders you to:

  • Delete the image within 48 hours
  • Provide proof of deletion
  • Respond to the complaint in writing

Cost: ₹15,000–₹50,000 in legal response + reputational damage + employee disengagement.

Tier 2 — Multiple Complaints (3+ employees)
Board investigates. Finds you have no Section 5 notices on file for any corporate events from the past 12 months. Finds images on LinkedIn, internal emails, and company intranet without consent.

Penalty: Up to ₹50 crore for Section 5 violation (consent/notice failure). This is per violation — meaning each unconsented batch of photos = separate violation. One award night + one offsite + one Diwali party = three violations = ₹150 crore exposure.

Tier 3 — Systemic Finding
Board identifies that your company has no photography consent process at all. Issues a compliance order. Failure to comply adds ₹150 crore (Section 33 — Board order defiance).

FAQ — Corporate Event Photography Consent

Can we use a generic company policy email instead of a signed notice?
No. Section 5 requires that notice reach the individual at the point of collection — not buried in an employee handbook or annual onboarding email. A policy email from 12 months ago does not constitute a valid Section 5 notice for an offsite happening today. You need a fresh, event-specific notice signed or digitally acknowledged within 48 hours of the event.

What if employees don’t come to the event until the day of — can we hand them the notice as they walk in?
Yes, if you collect their signature before any photography starts. The moment the camera rolls, collection has begun — notice must precede it. Hand them the form at the entrance, collect the signature, then photograph. If someone refuses to sign and wants to attend, they can ask for a “no photo” badge and you must honor it (document this in your records).

Does a Section 5 notice need to cover all possible future uses of the photo, or can we update it later?
It must cover all intended uses at the time of collection. If you collect a photo for “internal HR records only” but later want to post it to LinkedIn, you need fresh consent for that new use. You cannot extend use cases without asking again. If you genuinely don’t know all uses upfront, list what you know and add: “Other uses may require additional consent” — but this weakens your position. List uses upfront instead.

If an employee requests deletion after their image was posted to LinkedIn, can they force us to take it down?
Under Section 12 (right to erasure), yes — if they have a valid reason (incorrect data, consent withdrawn, no longer needed for purpose). You must delete from your systems and request LinkedIn remove the post. Document the deletion date and proof. Failure to comply = up to ₹50 crore penalty. If LinkedIn delays removal, this is not your fault — you acted; LinkedIn is the platform processor.

According to DPDPAReady’s compliance team, 75% of corporate event photography violations happen because HR and marketing teams assume consent is implicit — it is not. Section 5 notice is the legal floor, not a nice-to-have. Every offsite, every award night, every LinkedIn post featuring employees must begin with signed consent.

The template above is deployment-ready. Customize it with your company details, event dates, and use cases — then collect signatures. Store them. Move forward with photography.

If your company processes visual data at scale (monthly offsites, weekly town halls, real-time social media), consider building consent automation into your HR system or event management platform. This reduces friction and ensures every photo is logged.

DPDPAReady’s Template Library deploys consent forms, privacy notices, and DPA agreements for your industry in 48 hours — start at dpdpaready.in.

DPDPA corporate event photography consent notice template IndiaSection 5 notice photographyemployee consent form photographycorporate offsite photography complianceDPDPA visual data processing
VERIFIED DPDPAReady Editorial Desk 14 MAY 2026

Not sure if your media workflow is DPDPA-compliant?

DPDPAReady maps your entire workflow against the Act — free, in 48 hours.

Get your free compliance audit →