GDPR again - can I check if I am okay please

BlondeHeadOn · 8 May 2018 at 1:44PM

I am a sole trader, working as a statistician analysing data for various clients. The data I receive from clients is anonymised, so I think that's okay(?) Then I analyse the data and send back the results.

All my work now comes through from existing clients or from word-of-mouth, so I don't do any marketing or keep prospect lists etc. I have no plans to change this in future, as I have more than enough work to keep going, and plan to wind the business down in the next couple of years anyway.

The only potential issue I can think of is that my website has a 'contact us' form on it. If I remove that form, will that solve that problem? It will still have me email address and phone number on there for any queries.

I am registered with the DPA, obviously.

So.....am I okay for GDPR, or can anyone spot any problems?

All help gratefully accepted!

[Deleted User] · 8 May 2018 at 2:27PM

You shouldn't need to, as long as it is covered in your privacy policy, which states what data you collect and what you use it for.

BlondeHeadOn · 8 May 2018 at 2:40PM

Deleted_User wrote: »

You shouldn't need to, as long as it is covered in your privacy policy, which states what data you collect and what you use it for.

Ah - I don't have a link to a privacy policy on my website, it sounds like I should have ...?...?...

Are there any templates available online for a privacy policy? Or do I contact my web hosting company for this?

[Deleted User] · 8 May 2018 at 2:52PM

Have a look at a few websites to get an idea. They vary massively in style. There is also a good guide to content on the ICO website.

https://ico.org.uk/for-organisations/guide-to-data-protection/privacy-notices-transparency-and-control/your-privacy-notice-checklist/

But basically, you'll probably get away with a few paras of what you collect, what you use it for, what rights the data subject has (eg right to be forgotten, SAR etc) and how long you keep the data for, plus ICO contact details.

BlondeHeadOn · 8 May 2018 at 3:00PM

Deleted_User wrote: »

Have a look at a few websites to get an idea. They vary massively in style. There is also a good guide to content on the ICO website.

https://ico.org.uk/for-organisations/guide-to-data-protection/privacy-notices-transparency-and-control/your-privacy-notice-checklist/

But basically, you'll probably get away with a few paras of what you collect, what you use it for, what rights the data subject has (eg right to be forgotten, SAR etc) and how long you keep the data for, plus ICO contact details.

This is very useful, thank you - I will check out that link and other privacy policies I can find.

However I am still minded to just delete the 'Contact Us' web page to be honest, as I hardly ever get any genuine queries through that - just a few flurries of nonsense requests and spam every so often.

If I therefore just have my contact details on the website (name, email, phone number and postal address), do I still need to have a privacy policy for any data collected through e.g. emails or phone calls direct from a customer?

[Deleted User] · 8 May 2018 at 4:02PM

You still need a PP, as it explains how you control and process data for your customers, whether existing or new.

BlondeHeadOn · 9 May 2018 at 9:25AM

Deleted_User wrote: »

You still need a PP, as it explains how you control and process data for your customers, whether existing or new.

Okay, will do - many thanks for your help, I am very glad that I posted here!

klew356 · 9 May 2018 at 12:59PM

:money:
an excel sheet which is available on the ico website will help, pop your customers, suppliers, and anyone else you deal with on here and then state
• Why do you use personal data?
• Who do you hold information about?
• What information do you hold about them?
• Who do you share it with?
• How long do you hold it for?
• How do you keep it safe?
you should maybe think about composing an email which you could send to these poeple which checks they still want you to use and hold their data

BlondeHeadOn · 9 May 2018 at 1:21PM

klew356 wrote: »

:money:
an excel sheet which is available on the ico website will help, pop your customers, suppliers, and anyone else you deal with on here and then state
!!!8226; Why do you use personal data?
!!!8226; Who do you hold information about?
!!!8226; What information do you hold about them?
!!!8226; Who do you share it with?
!!!8226; How long do you hold it for?
!!!8226; How do you keep it safe?
you should maybe think about composing an email which you could send to these poeple which checks they still want you to use and hold their data

Many thanks for this.

I don't have any suppliers, only a small number of customers/clients.

Usually the only personal data I have about clients are their names, organisation name, email and telephone numbers. I often don't even keep their addresses, as I invoice electronically.

I don't do any marketing, and never use the client info for anything other than contacting them when I am actually doing work for them.

I never pass the client info to anyone else.

The only other data I have is any data they send me for analysis, which does not have any identifying characteristics when I receive it (just anonymous unique key variables). So I don't think this is a problem.

I also sign non-disclosure agreements with the clients, to say that I will keep any results or findings confidential.

I'd struggle to send emails out to more than a handful of clients, as I only have the current contact details for those I am working with at the moment.

It's a bit of an unusual business model I know, but it's a very confidential area.

Hmm.

GDPR again - can I check if I am okay please

Comments

Categories

Get our FREE Weekly email full of deals & guides - and it’s spam-free