I, like thousands of other writers, have read the Information Commissioner’s Office guidelines for compliance with the new General Data Protection Regulation (GDPR) rules, and am completely baffled by the whole thing! Still, personal data is important, so this is my statement that explains how I collect, store and process data.
I am a sole trader. There is just me. Only me. I’ve had to read up about GDPR and then brief myself on the subject. I operate two websites: www.simonwhaley.co.uk and www.thebusinessofwriting.co.uk.
Information I hold:
– Email addresses of people who have emailed me and to whom I have replied – this data is captured by my email programme and stored on my computer and shared via my password-protected iCloud account to my other devices (smartphone/tablet/laptop). These devices are all password/fingerprint activated and only I have access to this data.
– If you contact me via the Contact Form on either of my websites, the WordPress software I use stores a copy of your email address on their servers and forwards a copy to me. WordPress take steps to keep their servers secure.
– Email addresses and names of people who have signed up to my mailing lists via the opt-in link on my websites. This is all stored and processed by Mailchimp. Ways to opt-out are available at the bottom of every newsletter that I send out (which isn’t that frequently).
I have access to databases of followers on Twitter, Facebook and Instagram. I am the data controller but not the data processor of these databases – I use strong passwords and two factor authentication on these sites.
My wordpress website holds a database of followers. This is held and run by Automatic with their JetPack plugin, which I believe to be fully compliant. I am not the data processor.Automatic have a privacy statement here.
Communicating privacy information
- I have put this document on my website.
- I have added a link to my contact page.
- All newsletters issued contain reminders about how subscribers can unsubscribe/opt out of receiving future communications (which will also delete their data from these systems).
On request, I will delete data.
If you unsubscribe yourself from the Mailchimp mailing list, their data is automatically deleted.
Subject access requests
I aim to respond to all requests within 48 hours and usually much sooner, although please bear in mind … I do go away sometimes and don’t always have access to the Internet. I will always respond as soon as is practically possible. (Please remember – I’m a sole trader. There’s just me. If I’m running a weekend workshop I may not get chance to look at your request until I’m back at my office desk. But I will action your deletion request as soon as I can.)
Lawful basis for processing data
If people have emailed me, they have given me their email address (usually so that I can respond to them). As stated above, my email programme automatically says this data and it is stored on my iCloud account.
If people have opted into my Mailchimp lists (by subscribing) they have actively opted in, in the knowledge that they will receive occasional emails.
Followers of my WordPress Website have opted in and are given unsubscribe reminders with each email.
I have done everything I can to prevent this, by strongly password-protecting my computer and website as well as Mailchimp, Google, Dropbox, Twitter, and Facebook with two step authentication. If any of those organisations were compromised I would take steps to follow their advice immediately.
Data Protection Officers
I am not a major organisation so I do not need to appoint a Data protection Officer.
My lead data protection supervisory authority is the UK’s ICO.
Basically, if you have any queries or concerns, please get in touch, but bear in mind when doing so you are giving me your email address so that I can get back in touch with you. I will deal with any request concerning your data as quickly as possible.