As part of being a responsible business owner, here’s what I do to protect your data and comply with the GDPR. In compiling this list, I have benefited from information collated and shared by editorial colleagues, in particular Mary McCauley (in two posts written by Bernadette Kearns) and Melanie Thompson.
- Most of my work is digital. I keep current digital files on a password-protected machine used only by me. I also work in the cloud via a paid-for, password-protected Dropbox account. If a specific client requires me to I will use a different method of cloud collaboration.
- I back up old work files to a separate hard drive. I find it helpful to keep these old files for a number of years, and this helps my clients, too – for example, if they need me to refer back to something that they might have lost.
- If you would prefer me to delete files when I have finished working on them, or not to work on them in the cloud, I will of course comply with this.
- Some of the work I do is on hard copy. This tends to be paper proofs of books or other documents, and does not include personal data. The only client data I do keep is contact information in the form of letterheads, or old invoicing/remittance information. My hard-copy financial records date back to 2008 and are securely stored in my house.
- I will not share client work with any third party without written permission.
- I keep contact details for my clients in my email program, which is password-protected and accessed via a password-protected computer or phone, and used only by me.
- I also keep contact details in my accounting app, for the purposes of invoicing. These details are accessed only by me and my accountant.
- I will contact you to discuss current projects in the course of our work together, and occasionally to let you know of my availability for future work.
- I will not share your contact details with any third party without written permission.
- If you would like to know what contact details I hold for you, please ask – and similarly if you would like me to remove you from my contacts.
- I do not send out newsletters to my clients.
Website and blog
- I blog regularly, and people who have signed up to be notified by email of new blog posts will receive emails from me at this time.
- The list of email accounts of people who have signed up to receive emails is contained in a password-protected WordPress account, and I do not use these details for any other purpose. Please ask if at any time you would like me to remove you from this list.
- I do not currently use Google Analytics (I know, I know).
- I do not have a contact form on my website, so collect no information that way.