General Data Protection Regulations (GDPR), effective from 25th May 2018, requires us to contain client’s written consent for us to able to hold their personal data on file; and to be able to communicate with them in the future.
What does GDPR do?
Primarily, this is an improvement to the legal requirements of data holders and processors to protect personal information for any person that they hold. There are severe financial penalties if the regulations are not followed, and people have enhanced rights under the new rules. Organisations must ensure that data is kept securely and for lawful purposes only. Any data breaches must be reported immediately.
GDPR contains a series of new rights, the main ones being:
-
A person’s right to access data, must be informed about what and why the data is processed by and organisation.
-
A person’s right to rectification if data is incorrect, including erasure, in full or in part.
-
A person’s right to restrict use of data, portability and able to object.
How does GDPR affect your relationship with Goodwill Professional Services?
We are registered with the Information Commissioners Office (ICO). All personal data gathered from a client will be taken for the lawful purpose of providing legal services to them. If any data must be passed to a third party, we will obtain written consent from the client. We are required to retain client records for a maximum of six years after the person has died.
Clients can withdraw or change their consent at any time by contacting us. All processing of data will cease once consent is withdrawn, other than where is required by law; please note this will not affect any personal data that has been processed prior to that point.
If you have any questions regarding this, please contact us at Goodwill Professional Services Limited on 01451 608899 or email info@goodwillprofessional.co.uk.