What Is GDPR Anyway?
So why do we need it? Put simply, life has changed a LOT since 1998. We live in an increasingly online world, with internet shopping, instant payments, multiple social media sites & online profiles – and with the resultant dangers of identity theft & fraud, the security of your privacy & personal data is extremely important.
GDPR is also ensuring that you have a lot more say in how your data is kept, stored & used. How many times have you looked at an email & wondered how it popped up in your Inbox, with no memory of signing up for it? That’s because under the DPA 1998 you can be automatically subscribed unless you say otherwise. Under GDPR the opposite is true, as you cannot be subscribed unless you specifically give your permission.
So what is required of me as a (enter the new GDPR titles) Data Controller (the person who determines the nature of & is responsible for the data) & Data Processor (the person who processes the personal data)? Well, there is a lot of information (literally a book!) so I’m going to summarise it here.
My responsibilities are to state:
- what personal data I hold
- how long I keep it
- where I keep it
- where it came from
- who I share it with
- my reason for keeping it/why I need it – also known as the ‘Lawful basis for processing’
- managing client requests for data & amendment
- about data breaches – my security measures & my agreement to report any to the governing body – the ICO (Information Commissioner’s Office)
The GDPR provides the following rights for individuals (although these are subject to legal restrictions):
- the right to be informed
- the right of access
- the right to rectification
- the right to erasure
- the right to restrict processing
- the right to data portability
- the right to object
- rights in relation to automated decision making & profiling
- you also have a right to complain to the ICO (Information Commissioner’s Office) if you think that there is a problem with the way your data is being handled
- unsubscribing – at any time you wish to be removed from any of my emails, you may click “unsubscribe” at the bottom of the page
- Contact phone number
- Email address
- Date of birth
- to contact you directly for treatment (via phone, text/message, email as you prefer)
- to email you (usually 3 or 4 per year) to inform you about special offers, my availability etc.
- to post a birthday or thank you card with reward (via post)
If you would like further information on how I handle your data, wish to update your preferences or to see your personal data, then please