SOS ....

[Nikki79]

Hi all,
I would be grateful of any help, my situation is as follows - I am a one man band self employed telesales professional- I am given data from my clients- which I call and return back to them.
I am after some advice for what I need to do for GDPR and what sort of cost am I looking at please. Very very grateful for any help!!!!!!!!!!! Thank you for reading.

 

[fisicx]

It’s not your responsibility. They are the data controller you are the data processor. It’s their GDPR/privacy policy you need to comply with.

 

[Nikki79]

Thank you,I am so grateful. Do you have a document to support this by any chance.

 

[Nikki79]

Or something I can send a client.

 

[fisicx]

Google for ICO GDPR guidelines. There are loads of documents and checklists you can refer to.

If the client isn’t interested all you need to do is make sure you have your own privacy policy

 

[Keith Budden]

You also need a clear data processor/data controller agreement with each of your clients, so that the boundaries of what each of you can do with the data are clear.

When you say you are given data by your clients which you return back to them, how does this transfer take place and how is security of the data guaranteed? Where do you store the data while you are working on it? Does your client's privacy policy expressly state that data may be transferred to you?

 

[Mike Etherington]

This question is coming up a lot. When personal data is passed from controller to processor who needs to do the agreement? And what else is needed? Does the controller write an agreement for the process to sign? does the processor do it fro the controller to sign? Does anyone need to sign anything? Maybe both parties just need their own policies? Does it go in the existing contract fro service?