May 25, 2014 by Lydia Syson
MY EU GDPR STATEMENT OF COMPLIANCE
I have read the Information Commissioner’s Office guidelines for compliance with the new General Data Protection Regulation (GDPR) rules. The document that follows explains how I comply. If you have given me your email address (by emailing me, or subscribing to my website or newsletter via my website or during events, for example), please read this to be reassured that we’re looking after your data extremely responsibly.
I value the security of your information extremely highly and will never intentionally breach the rules. However, the rules are designed for large corporations and I can only do my very best to comply.
The information I hold:
- Email addresses of people who have emailed me and to whom I have replied or who have commented on this website are automatically saved in Gmail or 123-Reg, my web host.
- Email addresses and names of people who have signed up to my mailing list via the opt-in link on my website.
- Email addresses, postal addresses and names of people who I have worked with over the years. These are held as lists in my email servers as above.
- I have access to the followers of my Twitter account. While I am the data controller of this account, I do not process this data. Anyone who does not wish to continue to follow me can unfollow at any time as per Twitter’s regular procedures.
- This WordPress website www.lydiasyson.com holds a database of followers which is held and run with the Jetpack plugin (by Automattic), who I believe are fully compliant. I’m not the data processor. There is information about Automattic’s privacy statement updates here.
I never share this information with anyone.
Lawful basis for processing data
If people have emailed me or contacted me via the website, they have given me their email address. If anyone has subscribed to my mailing list or followed me on Twitter they have actively opted in, in the knowledge that I will contact them occasionally, and I take that as consent to continue to do so.
I do not actively add any contact details to any list without valid permission.
I’m not normally contacted by children and do not correspond with them through my various social media presences. However, I do not know the ages of my subscribers on Twitter or mailing lists and can only act on known information.
I protect the data I hold by strong passwords across the digital platforms I use. If any of those platforms were compromised, I would take steps to follow appropriate advice immediately.
Data Protection by Design and Data Protection Impact Assessments
I have familiarised myself with the ICO’s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party, and believe that I am using best practice.
Data Protection Officers
My lead data protection supervisory authority is the UK’s ICO as of 25th May 2018.