Accountability
Under the GDPR, Companies are now required to keep an “Accountability” document within their administrative documentation. This document needs to contain certain elements and can be issued if required. To meet these requirements, I recommend that the text below is kept in a folder in the Business administration.
I am Jill Jones and I am a Celebrant. I may be contacted via email at hello@jillvjonescelebrant.co.uk or by telephone 07591 187950. I may process “personal data” and/or “special category data” as defined in UK data protection legislation, including UK GDPR. This processing may be on my own behalf or on behalf of my clients – either way I process data as part of the contracted services and/or my administration. I realise the importance of confidentiality. Data may be processed on paper and/or in electronic formats. When processed electronically, data may be held on a cloud based system and/or on a local server. Regardless of how data are processed, all feasible security measures are in place. Data are held as long as they are relevant to the purpose for collection and/or if there is a statutory retention period. All data are destroyed by secure means when no longer required.
If there is any international connection to the services offered, please note that as I work and am based in the UK, it is the UK laws that are extant.
Data may be shared with third parties as part of my contracted services (which may include Funeral Directors) and/or if I am required by law to do so. I cannot accept any liability for any processing conducted by a third party outside my remit.
There is a data retention schedule in place. This will allow the business to locate data quickly if required as well as documenting the Retention Policy for data.
There are technical security measures in place – encryption where necessary and restriction of access to data to maintain integrity and privacy. This is in place for both manual data and electronically-held data. Where I utilise a cloud-based system, particular care has been taken to assess the privacy of data.
Organisational measures such as procedures for handling data and storage of manual data are in place. This includes keeping data with me when travelling to venues.“
NOTE: the data retention schedule will only detail where all the data are held and who has access – as a sole trader it is a moot point.