top of page


Having read the Information Commissioner’s Office guidelines for compliance with the new General Data Protection Regulation (GDPR) rules, I comply as outlined below. If you have given me your email address, (by emailing me, or any other means), I recommend reading this to reassure yourself that I am looking after your data responsibly.



  1. Awareness

I am a sole trader and hence the only person in the “organisation” of whom awareness of the requirements is required.

  1. Information held:

  • Email addresses of those who have emailed me and to whom I have replied – automatically saved in Windows Livemail.

  • Email addresses, names and self-identified descriptors (eg "editor”) of people who have emailed me – held in a spreadsheet on a password-protected computer.



I do not share this information.

If someone asks for another person’s email address, I always check with the other person first, unless both are known closely to me and one another.


  1. Communicating privacy information

   I have added this page to my website.

  1. Individuals’ rights

On request, I will delete data.

If someone asked to see their data, I would take a screenshot of their entry/entries.

  1. Subject access requests

I aim to respond to all requests within 24 hours.

  1. Lawful basis for processing data

  • If people have emailed me, they have given me their email address. I do not actively add it to a list but Windows Live Mail will save it. I will not add it to any database or spreadsheet unless someone asks me to or gives me explicit and detailed permission.


  1. Consent

Once I’ve contacted everyone with a reminder about the T&C of my holding their data, I regard this consent as confirmed for a year, or until the person asks me to remove the data. I have never harvested email addresses, nor would I. Anyone on my lists has contacted me.

Consent is not indefinite, so I will make sure that I remind subscribers that they can unsubscribe or ask for their data to be removed.

  1. Data breaches

I have done everything I can to prevent this, by strongly password-protecting my computer. If this were compromised I would take professional advice immediately.

  1. Data Protection by Design and Data Protection Impact Assessments

I have familiarised myself with the ICO’s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party, and believe that I am using best practice.


  1. Data Protection Officers


I have appointed myself as the Data protection Officer, in the absence of anyone else!


  1. International

My lead data protection supervisory authority is the UK’s ICO.

bottom of page