Data Controller

ICO - Information Commissioner's Office

The ICO is the UK's independent authority for data protection and information rights.

Collected Personal Data

GDPR sets out 7 key principles around the collection, control and management of data:

• – Lawfulness, fairness and transparency
• – Purpose limitation
• – Data minimisation
• – Accuracy
• – Storage limitation
• – Integrity and confidentiality (security)
• – Accountability

A client should be informed via your contract what data you will hold, how long you’ll hold it and why, and that it will be held securely. Clients have:

• the right to be informed;
• the right of access;
• the right to rectification;
• the right to erasure;
• the right to restrict processing;
• the right to data portability;
• the right to object; and
• the right not to be subject to automated decision-making

Don’t forget under GDPR clients have a right to access their data so be ready for such requests – read this blog post – Hey, I want to see my data!

Purpose of collecting data

All records kept by me are confidential and subjected to the Data Protection Act 1998 which gives clients the right to access their personal data. For security, records are kept for 2 years from the last session, and it is kept by me in a secure computer only accessed by me using a strong password. When required by client, a fee of £20,00 will be required to be paid in advance when report is requested, and only the client can collect this information in person. I will not send it via post or email for security reasons. **Please note that your report will not be given to anyone else but yourself**.