The General Data Protection Regulation (GDPR) is a new EU law that comes into effect on 25 May 2018 to replace the current Data Protection Act.
Like me, you’ve probably been inundated with emails from companies you may not even have signed up for in the first place, asking if you want to “opt in” to their mailing lists. This is because there will be fines of up to €20 million for unauthorised use or storage of your data if you have not given explicit consent for businesses to keep you on a database.
I have been advised to publicise my GDPR-compliant policy about handling data so here goes:
Before this deadline I deleted all contact details over 7 years old. I need to keep records of income streams from the last 7 years in case the taxman wants to investigate me so I can show sources of revenue to prove I’m not money laundering! I have encrypted these retained details in a password-protected zip file and will update it each year to remove older records.
I have deleted old client emails and text messages.
The only personal details I will retain digitally are for my current customers, which is allowed under the act. I have always burnt or shredded the paper forms people fill out at the end of each term anyway, but now I will destroy current paper forms immediately after entering them into my database.
My client database is held on an encrypted disc on a password-protected computer.