Your browser isn't supported
It looks like you're using an old web browser. To get the most out of the site and to ensure guides display correctly, we suggest upgrading your browser now. Download the latest:

Welcome to the MSE Forums

We're home to a fantastic community of MoneySavers but anyone can post. Please exercise caution & report spam, illegal, offensive or libellous posts/messages: click "report" or email forumteam@.

Search
  • FIRST POST
    • BlondeHeadOn
    • By BlondeHeadOn 8th May 18, 1:44 PM
    • 2,208Posts
    • 2,963Thanks
    BlondeHeadOn
    GDPR again - can I check if I am okay please
    • #1
    • 8th May 18, 1:44 PM
    GDPR again - can I check if I am okay please 8th May 18 at 1:44 PM
    I am a sole trader, working as a statistician analysing data for various clients. The data I receive from clients is anonymised, so I think that's okay(?) Then I analyse the data and send back the results.

    All my work now comes through from existing clients or from word-of-mouth, so I don't do any marketing or keep prospect lists etc. I have no plans to change this in future, as I have more than enough work to keep going, and plan to wind the business down in the next couple of years anyway.

    The only potential issue I can think of is that my website has a 'contact us' form on it. If I remove that form, will that solve that problem? It will still have me email address and phone number on there for any queries.

    I am registered with the DPA, obviously.

    So.....am I okay for GDPR, or can anyone spot any problems?

    All help gratefully accepted!
Page 1
    • zx81
    • By zx81 8th May 18, 2:27 PM
    • 18,620 Posts
    • 19,874 Thanks
    zx81
    • #2
    • 8th May 18, 2:27 PM
    • #2
    • 8th May 18, 2:27 PM
    You shouldn't need to, as long as it is covered in your privacy policy, which states what data you collect and what you use it for.
    • BlondeHeadOn
    • By BlondeHeadOn 8th May 18, 2:40 PM
    • 2,208 Posts
    • 2,963 Thanks
    BlondeHeadOn
    • #3
    • 8th May 18, 2:40 PM
    • #3
    • 8th May 18, 2:40 PM
    You shouldn't need to, as long as it is covered in your privacy policy, which states what data you collect and what you use it for.
    Originally posted by zx81

    Ah - I don't have a link to a privacy policy on my website, it sounds like I should have ...?...?...

    Are there any templates available online for a privacy policy? Or do I contact my web hosting company for this?
    • zx81
    • By zx81 8th May 18, 2:52 PM
    • 18,620 Posts
    • 19,874 Thanks
    zx81
    • #4
    • 8th May 18, 2:52 PM
    • #4
    • 8th May 18, 2:52 PM
    Have a look at a few websites to get an idea. They vary massively in style. There is also a good guide to content on the ICO website.

    https://ico.org.uk/for-organisations/guide-to-data-protection/privacy-notices-transparency-and-control/your-privacy-notice-checklist/


    But basically, you'll probably get away with a few paras of what you collect, what you use it for, what rights the data subject has (eg right to be forgotten, SAR etc) and how long you keep the data for, plus ICO contact details.
    • BlondeHeadOn
    • By BlondeHeadOn 8th May 18, 3:00 PM
    • 2,208 Posts
    • 2,963 Thanks
    BlondeHeadOn
    • #5
    • 8th May 18, 3:00 PM
    • #5
    • 8th May 18, 3:00 PM
    Have a look at a few websites to get an idea. They vary massively in style. There is also a good guide to content on the ICO website.

    https://ico.org.uk/for-organisations/guide-to-data-protection/privacy-notices-transparency-and-control/your-privacy-notice-checklist/


    But basically, you'll probably get away with a few paras of what you collect, what you use it for, what rights the data subject has (eg right to be forgotten, SAR etc) and how long you keep the data for, plus ICO contact details.
    Originally posted by zx81

    This is very useful, thank you - I will check out that link and other privacy policies I can find.

    However I am still minded to just delete the 'Contact Us' web page to be honest, as I hardly ever get any genuine queries through that - just a few flurries of nonsense requests and spam every so often.

    If I therefore just have my contact details on the website (name, email, phone number and postal address), do I still need to have a privacy policy for any data collected through e.g. emails or phone calls direct from a customer?
    • zx81
    • By zx81 8th May 18, 4:02 PM
    • 18,620 Posts
    • 19,874 Thanks
    zx81
    • #6
    • 8th May 18, 4:02 PM
    • #6
    • 8th May 18, 4:02 PM
    You still need a PP, as it explains how you control and process data for your customers, whether existing or new.
    • BlondeHeadOn
    • By BlondeHeadOn 9th May 18, 9:25 AM
    • 2,208 Posts
    • 2,963 Thanks
    BlondeHeadOn
    • #7
    • 9th May 18, 9:25 AM
    • #7
    • 9th May 18, 9:25 AM
    You still need a PP, as it explains how you control and process data for your customers, whether existing or new.
    Originally posted by zx81

    Okay, will do - many thanks for your help, I am very glad that I posted here!
    • klew356
    • By klew356 9th May 18, 12:59 PM
    • 305 Posts
    • 1,806 Thanks
    klew356
    • #8
    • 9th May 18, 12:59 PM
    • #8
    • 9th May 18, 12:59 PM

    an excel sheet which is available on the ico website will help, pop your customers, suppliers, and anyone else you deal with on here and then state
    • Why do you use personal data?
    • Who do you hold information about?
    • What information do you hold about them?
    • Who do you share it with?
    • How long do you hold it for?
    • How do you keep it safe?
    you should maybe think about composing an email which you could send to these poeple which checks they still want you to use and hold their data
    • BlondeHeadOn
    • By BlondeHeadOn 9th May 18, 1:21 PM
    • 2,208 Posts
    • 2,963 Thanks
    BlondeHeadOn
    • #9
    • 9th May 18, 1:21 PM
    • #9
    • 9th May 18, 1:21 PM

    an excel sheet which is available on the ico website will help, pop your customers, suppliers, and anyone else you deal with on here and then state
    !!!8226; Why do you use personal data?
    !!!8226; Who do you hold information about?
    !!!8226; What information do you hold about them?
    !!!8226; Who do you share it with?
    !!!8226; How long do you hold it for?
    !!!8226; How do you keep it safe?
    you should maybe think about composing an email which you could send to these poeple which checks they still want you to use and hold their data
    Originally posted by klew356

    Many thanks for this.

    I don't have any suppliers, only a small number of customers/clients.

    Usually the only personal data I have about clients are their names, organisation name, email and telephone numbers. I often don't even keep their addresses, as I invoice electronically.

    I don't do any marketing, and never use the client info for anything other than contacting them when I am actually doing work for them.

    I never pass the client info to anyone else.

    The only other data I have is any data they send me for analysis, which does not have any identifying characteristics when I receive it (just anonymous unique key variables). So I don't think this is a problem.

    I also sign non-disclosure agreements with the clients, to say that I will keep any results or findings confidential.

    I'd struggle to send emails out to more than a handful of clients, as I only have the current contact details for those I am working with at the moment.

    It's a bit of an unusual business model I know, but it's a very confidential area.

    Hmm.
Welcome to our new Forum!

Our aim is to save you money quickly and easily. We hope you like it!

Forum Team Contact us

Live Stats

127Posts Today

1,564Users online

Martin's Twitter