GDPR COMPLIANCE STATEMENT
Having read the Information Commissioner’s Office guidelines for compliance with the new General Data Protection Regulation (GDPR) rules, I comply as outlined below. If you have given me your email address (by emailing me, or any other means), I recommend reading this to reassure yourself that I am looking after your data responsibly.
-
Awareness
I am a sole trader and hence the only person in the “organisation” of whom awareness of the requirements is required.
-
Information held:
-
Email addresses of those who have emailed me and to whom I have replied – automatically saved in Windows Live Mail.
-
Email addresses, names and self-identified descriptors (eg “editor”) of people who have emailed me – held in a spreadsheet on a password-protected computer.
I do not share this information.
If someone asks for another person’s email address, I always check with the other person first, unless both are known closely to me and one another.
-
Communicating privacy information
I have added this page to my website.
-
Individuals’ rights
On request, I will delete data.
If someone asked to see their data, I would take a screenshot of their entry/entries.
-
Subject access requests
I aim to respond to all requests within 24 hours.
-
Lawful basis for processing data
-
If people have emailed me, they have given me their email address. I do not actively add it to a list but Windows Live Mail will save it. I will not add it to any database or spreadsheet unless someone asks me to or gives me explicit and detailed permission.
-
Consent
Once I’ve contacted everyone with a reminder about the T&C of my holding their data, I regard this consent as confirmed for a year, or until the person asks me to remove the data. I have never harvested email addresses, nor would I. Anyone on my lists has contacted me.
Consent is not indefinite, so I will make sure that I remind subscribers that they can unsubscribe or ask for their data to be removed.
-
Data breaches
I have done everything I can to prevent this, by strongly password-protecting my computer. If this were compromised I would take professional advice immediately.
-
Data Protection by Design and Data Protection Impact Assessments
I have familiarised myself with the ICO’s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party, and believe that I am using best practice.
-
Data Protection Officers
I have appointed myself as the Data Protection Officer, in the absence of anyone else!
-
International
My lead data protection supervisory authority is the UK’s ICO.