GDPR Compliance Statement
The EU General Data Protection Regulation (“GDPR”) comes into force across the European Union on 25th May 2018 and brings with it the most significant changes to data protection law in two decades. Based on privacy by design and taking a risk-based approach, the GDPR has been designed to meet the requirements of the digital age.
The 21st Century brings with it broader use of technology, new definitions of what constitutes personal data, and a vast increase in cross-border processing. The new Regulation aims to standardise data protection laws and processing across the EU, affording individuals stronger, more consistent rights to access and control their personal information.
Miss Libby Rose & The Pink Sewing Bus are committed to ensuring the security and protection of the personal information being processed, and to provide a compliant and consistent approach to data protection.
I have always done my very best as a growing small business to keep an effective data protection program in place which complies with existing law and abides by the data protection principles. However, I recognise the obligations in updating and expanding this program to meet the demands of the GDPR and the UK’s Data Protection Bill.
Miss Libby Rose & The Pink Sewing Bus is dedicated to safeguarding the personal information under my remit and in developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the new Regulation. The preparation and objectives for GDPR compliance have been summarised in this statement and include the development and implementation of new data protection roles, policies, procedures, controls and measures to ensure maximum and ongoing compliance.
How I Have Prepared for the GDPR
- Miss Libby Rose already has a consistent level of data protection and security across her processes, including using Gmail for emailing, Mailchimp for newsletters & updates, WordPress for the website and Eventbrite for event booking, all of which are compliant with the GDPR. MLR has followed the instructions given by Mailchimp to ensure emails are compliant and that it is easy to ‘opt out’, and has emailed all those already on the mailing lists giving them the option to choose how they would like to receive marketing information or to simply opt out. This email can be viewed here:
https://mailchi.mp/miss-libby-rose/cmon-cmon-lets-stick-together
- Information Audit – MLR holds information from participants involved in workshops, whether online or in person, and from those who have shown interest. Records are kept on what personal information I hold, where it comes from, how and why it is processed, and if and to whom it is disclosed.
- Policies & Procedures – revising data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including:
- Data Protection – This procedure document for data protection has been produced to meet the standards and requirements of the GDPR. Accountability and governance measures are in place to ensure that I understand as best I can, and adequately disseminate and evidence, my obligations and responsibilities, with a dedicated focus on privacy by design and the rights of individuals.
- Data Retention – Personal information is stored, archived and destroyed compliantly and ethically.
- Data Breaches – Breach procedures ensure that I have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time. Passwords are in place on computers and hand-held devices, and the third parties named above are all secure.
- Privacy Notice/Policy – Privacy Notice to comply with the GDPR: ensuring that all individuals whose personal information I process have been informed of why I need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information.
- Obtaining Consent – I have revised my consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why, and how I use it, and giving clear, defined ways to consent to the processing of their information. I am making sure that I can evidence an affirmative opt-in, along with time and date records, and an easy-to-see and easy-to-access way to withdraw consent or opt out at any time.
- Direct Marketing – I have revised the wording and processes for direct marketing, including clear opt-in mechanisms for marketing subscriptions, a clear notice and method for opting out, and unsubscribe features on all marketing materials.
Information Security & Technical and Organisational Measures
Miss Libby Rose takes the privacy and security of individuals and their personal information very seriously and takes every reasonable measure and precaution to protect and secure the personal data that she processes to the best of her knowledge.
If you have any questions about my compliance with the GDPR, please contact me (Libby Rose).