This email / blog is somewhat different to my usual photo output, but please give it a read, as it’s actually quite important (I’ll try and keep it as brief as possible!)
In my line of work, where collecting personal information (email addresses, names etc) is vital to maintain your business, there is a big shift in the law next month, with regard to Personal Data that I need to be compliant with or face the sort of fine that would essentially be ruinous. So, best I comply!
Essentially, GDPR is an update of the Data Protection Act, and it means that all businesses need to be extra vigilant when it comes to handling personal information.
So, pretty dull, but what does this all mean to you? There are a few expanded provisions under GDPR that give you as an EU citizen additional rights (and the UK is adopting this regardless of Brexit.) The most pertinent rights are as follows:
Right to be forgotten. You can demand that for all data pertinent to you to be permanently deleted.
Right to object. You can prohibit certain data uses.
Right to rectification. You demand for your details to be corrected
Right of access. You have the right to know what data an organisation holds about you and how it is being used.
Right of portability. You can ask for personal data held by one organisation be transported / sent to another organisation.
How does this relate to A D Hall Photography? If you’re receiving this as an email, you’re obviously on my mailing list, so I clearly hold and process a certain amount of personal data about you. All personal information I have obtained for both my mailing list and my customer / leads database up to now has been collected in a legal way under the current DPA rules and GDPR does not compel me to remove it or seek re-authorisation (but it must be handled in a compliant way in the future.)
Here is a list of the locations I may hold personal data in order to run my business:
Mailing List. My mailing list is held by a company called Mailchimp, who I use to automate the sending of ‘bulk’ e-mails (it’d be impossible to do this through Outlook!) This company is fully compliant with GDPR, and gives me the tools to properly-manage the personal data they hold on my behalf.
Customer Database. My customer and lead database is held by a company called Tave, who I use to manage names, payments, contracts and task scheduling - anything else required to run a small business. Again, this company is GDPR compliant and holds the information in a compliant way.
Online Sales. My online sales partner is a company calledShootproof. This company is also GDPR compliant and only holds sufficient data in order to process your order and deliver it to you.
Social Media and Payment Gateways. Contacts I have on social media and payment gateways is somewhat out of my direct control as the data is held by that platform (FaceBook, Twitter, PayPal etc.) Data shared with them is only done so in order to communicate with you (ie direct messages, feed posts etc) or to process a payment or refund.
The bottom line is that you are covered by the ‘Rights’ as described above. If you wish to enact any of those rights with respect to me and my business, then I will action your request as quickly as I can humanly do so – it is a legal obligation and the right thing to do.
If you are so inclined, you can read my full privacy statement HERE, and the links to my partners above will take you to their respective privacy statements.
If you’ve read this far, well done! It’s all a bit dull, but I believed it was necessary to explain to you as one of my several hundred subscribers, how I hold your data, and reassure you that I hold it and use it in a legal way.
Thanks for reading!