Please use the form below to email juliawebb.org. We will reply to your inbox as soon as we can.
GDPR STATEMENT OF COMPLIANCE

I have read the Information Commissioner’s Office guidelines for compliance with the new General Data Protection Regulation (GDPR) rules. The document that follows explains how I comply. If you have given me your email address (by emailing me, for example) you should read this and reassure yourself that I am looking after your data responsibly. If you believe there’s something else I should be doing, do let me know. I value the security of your information extremely highly and will never intentionally breach the rules. However, the rules are designed for organisations and most authors are freelance sole traders.

From the ICO booklet, “Preparing for the General Data Protection Regulation – 12 Steps to Take Now.” Here are my 12 answers.

Awareness

I am a sole trader so there is no one else in my organisation to make aware.

The information I hold:

Email addresses of people who have emailed me and to whom I have replied – automatically saved in Gmail.

Email addresses, postal addresses and names of people who have attended or still attend my classes and people who have purchased mentoring services.

I do not share this information with anyone. Ever. If someone asks for another person’s email address, I always check with the other person first.

Communicating privacy information

I am taking three steps: I have put this document on my website. I have added a link to my email signature. I have added a link to my contact page.

Individuals’ rights

On request, I will delete any data held. If someone asks to see their data, I will take a screenshot of their entry/entries.

Subject access requests

I aim to respond to all requests within 24/48 hours.

Lawful basis for processing data

If you email me, you have given me your email address. I do not add it to a list but Gmail will save it. I will not add it to any database or spreadsheet unless asked to or given permission.

If people have purchased critiques or mentoring, their postal and/or email addresses are saved in my emails folder and on any invoices that I send them. I will keep these transaction records as long as HMRC records require (5 years) after which they will be deleted. I will delete email and postal addresses after one year.

Consent

I regard consent of anyone contacting me as a year, or until the person asks me to remove the data. I have never harvested email addresses, nor would I. Anyone on my email list has contacted me or is already a friend.

Children

If young people email me I wouldn’t know their age unless they told me. I would not keep their email address (although Gmail would save it). Since I am not “processing” their data, I am not required to ask for parental consent. I would reply to the email and not contact them again.

Data breaches

I have done everything I can to prevent this, by strongly password-protecting my computer, Google and Dropbox accounts. If any of those organisations were compromised I would take steps to follow their advice.

Data Protection by Design and Data Protection Impact Assessments

I have familiarised myself with the ICO’s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party, and believe that I am using best practice.

Data Protection Officers

I have appointed myself as the Data Protection Officer, in the absence of anyone else!

International

My lead data protection supervisory authority is the UK’s ICO.