I have read the Information Commissioner’s Office guidelines for compliance with the new General Data Protection Regulation (GDPR) rules. The document that follows explains how I comply. If you have given me your email address (by using the Contact Me link of my website), you should read this to reassure yourself that I am looking after your data responsibly.

If any of you understand this compliance issue better than me and believe there’s something else I should be doing, do let me know. I value the security of your information very much and I will never intentionally breach the rules. However, the rules are designed for organisations; authors like me are sole traders just doing our best to keep up.

1 Awareness

I am a sole trader so there is no one else in my organisation to make aware.

2 The information I hold

Email addresses of people who have emailed me and to whom I have replied – automatically saved in one password-protected inbox. I do not share this information with anyone.

3 Communicating privacy information

I have put this document on my website.

I have added a link on my “Contact Me” page.

4 Individuals’ rights

On request, I will delete data.

5 Subject access requests

I aim to respond to all requests within 24 hours.

6 Lawful basis for processing data

If people have emailed me, they have given me their email address. I do not actively add it to a list but my two email accounts will save it automatically. I will not add it to any database unless someone asks me to do so or gives me explicit and detailed permission.

7 Data breaches

I have done everything I can to prevent these, by strongly password-protecting my computer and email accounts. If any of those latter organisations were compromised I would take steps to follow their advice immediately.

8 Data Protection by Design and Data Protection Impact Assessments

I have familiarised myself with the ICO’s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party, and believe that I am using best practice.

9 Data Protection Officers

I have appointed myself as the Data Protection Officer, in the absence of anyone else.

10 International

My lead data protection supervisory authority is the UK’s ICO.