MY GDPR STATEMENT OF COMPLIANCE
I have read the Information Commissioner’s Office guidelines for compliance with the new General Data Protection Regulation (GDPR) rules. The document that follows explains how I comply. If you have given me your email address (by using the Contact Me link of my website), you should read this to reassure yourself that I am looking after your data responsibly.
If any of you understand this compliance issue better than me and believe there’s something else I should be doing, do let me know. I value the security of your information very much and I will never intentionally breach the rules. However, the rules are designed for organisations; authors like me are sole traders just doing our best to keep up.
I am a sole trader so there is no one else in my organisation to make aware.
2 The information I hold
Email addresses of people who have emailed me and to whom I have replied – automatically saved in one password-protected inbox. I do not share this information with anyone.
3 Communicating privacy information
I have put this document on my website.
I have added a link on my “Contact Me” page.
4 Individuals’ rights
On request, I will delete data.
5 Subject access requests
I aim to respond to all requests within 24 hours.
6 Lawful basis for processing data
If people have emailed me, they have given me their email address. I do not actively add it to a list but my two email accounts will save it automatically. I will not add it to any database unless someone asks me to do so or gives me explicit and detailed permission.
7 Data breaches
I have done everything I can to prevent these, by strongly password-protecting my computer and email accounts. If any of those latter organisations were compromised I would take steps to follow their advice immediately.
8 Data Protection by Design and Data Protection Impact Assessments
I have familiarised myself with the ICO’s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party, and believe that I am using best practice.
9 Data Protection Officers
I have appointed myself as the Data Protection Officer, in the absence of anyone else.
My lead data protection supervisory authority is the UK’s ICO.