In accordance with the General Data Protection Regulation (GDPR) rules, the following explains how I comply. This affects anyone who has given me their email address, either by subscribing to the newsletter or emailing me directly.
As the rules have been designed for large organisations, there isn’t much guidance for us writerly-types. If you believe I should be doing more, please let me know.
The information I hold:
Email addresses of people who sign up to my mailing list via the opt-in link on my website – these are held in Mailchimp.
Email addresses of people who have emailed me directly and to whom I have replied – these are automatically saved in my ‘virginmedia’ email account.
Your privacy is very important to me – none of this information is shared with anyone.
Communicating privacy information:
This document is on my website, with a link on the sign-up form for new subscribers.
There is a link on my website ‘contact’ page.
On request, I will delete data.
Anyone who unsubscribes from the Mailchimp list is automatically deleted.
Subject access requests:
I aim to respond to all requests within 24 hours.
Lawful basis for processing data:
If people have emailed me, they have given me their email address. I do not actively add it to a list, but it is automatically saved in my ‘virginmedia’ email.
If people have opted into my Mailchimp list, they have actively opted in, in the knowledge that they will receive blog updates.
I do not regard ‘consent’ as ongoing and definite. To that end, I will remind subscribers that they can unsubscribe at any time or ask for their data to be removed.
My computer, my ‘virginmedia’ account, Mailchimp, Google and Squarespace accounts are strongly password-protected. I am the only one who has knowledge of my passwords. If any of the organisations mentioned were compromised, I would take steps to follow their advice immediately.
Data Protection Officers:
As I am the owner and sole user of my website, the responsibility of ‘data protection’ is mine alone.
My lead data protection supervisory authority is the UK’s ICO.