From May 25, 2018, a new data protection law is being introduced in the UK, it’s called the General Data Protection Regulation, GDPR for short. The reason this law is being introduced is to protect your data more effectively in today’s online world.
You will probably have received emails already, asking if you will opt-in, to continue receiving emails from companies you’ve previously signed up to. This doesn’t just apply to email, but how your data is processed by any company who collects, stores and uses your data in the future.
Privacy notices and policies are being updated countrywide to provide the customer with new and improved rights as well as legal reasons why your personal information should be kept on file.
Personal data is information which relates to a living individual, such as your name, address, telephone number and email. This data could be used not only to identify you but can include details about your transactions or services you have used.
What does the GDPR mean for you, the client?
- You can ask whether your personal data is being processed, where it’s being processed and for what purpose. This right to access also gives you the right to request a copy of the personal data a company holds on you at no cost to you within one month of asking.
- You have the right to rectify, for example, to ask for your details to be changed. Your data should be corrected within one month (two months if complex).
- You have the right to restrict processing, for example, you can ask to restrict the use of your personal data i.e. not to receive emails or telephone calls or marketing by post.
- You also have the right to ask for your personal data to be deleted, this is the right to erasure (the right to be forgotten).
- You have the right to lodge a complaint, about how you feel your data may have been used wrongly, with your local data protection authority.
Angela Adams Photographer and the GDPR
- When you book a commission, I will store names, addresses, emails and telephone numbers in electronic form indefinitely enabling me to contact you in the future. This is considered processing, even if I display your name on a computer screen when updating a spreadsheet.
- Your data will be collected and stored in paper form when you arrive for your photography session along. Consent to use the photographs taken at the session for the purposes stated in item 3 will be saught.
- Angela Adams Photographer has a legitimate interest in using photographs for marketing online and in printed literature plus for competition purposes. These images will not be used without prior consent being saught. A client may withdraw this consent at any time.
- Nobody else will see the data held by Angela Adams Photographer and your data will not be shared at any point. The data collected will only be used for the purpose which you have given consent.
- You have the right to contact Angela Adams Photographer at any time and ask for your data to be deleted. You have the right to request that any direct marketing stop.
- Should a data breach occur, Angela Adams Photographer will inform the Information Commissioner’s Office.
- This policy exists to ensure your data is used in a way which protects your rights.
Data will be collected, held, retrieved, organised and destroyed in a lawful, fair and transparent manner. Information will only be collected on a need to know basis i.e. the data collected is relevant to the reason it is being collected. Reasonably practicable steps will be taken to ensure the data obtained is accurate. Angela Adams Photographer will store your data in a safe, secure environment on a password protected computer with the aim to prevent accidental loss, destruction, damage and unauthorised access.
Want to know more?
To read more about the GDPR, please visit the Information Commissioner’s Office website
- The Data Subject is the person whose personal data is being processed.
- The Data Processor is the person or organisation who processes the data.
- The Data Controller is the person or organisation with overall responsibility for personal data, also how and why it is used.
- The Data Protection Officer is responsible for overseeing and implementing an organisation’s data protection strategy.
N.B. In a small company, the roles mentioned in 2, 3 and 4 above may be held by the same person.