As many of you will be aware, the General Data Protection Regulation (GDPR) came into force on 25 May 2018. As I hold personal data about my clients (i.e. names, addresses, phone numbers) I am considered to be a data controller and a data processor under the regulations. I am therefore required to comply with the principles of the GDPR and ensure that your data is held securely, is not processed in a manner that is incompatible with the reason for which it was collected, is kept up to date, etc.
I can therefore confirm that:
- all my clients’ personal data are securely held in a locked cabinet that is under my sole control
- my mobile phone is secured by a pass code to prevent unauthorised access to clients’ phone details
- I will never pass client details to a third party without their express permission to do so
- I do not send out mailshots or unsolicited emails
- I destroy client records once they are no longer required (eg. the client has moved away and will no longer require my services, or I have not had any contact with a client for a period of 24 months or more): this will include shredding any paper records I hold and deleting contact details from my phone.
If any of my clients wish to clarify any of the above points or discuss this further with me, please do get in touch with me.