CONTACT
logo-med

TAKING THE STRESS OUT OF DATA PRIVACY

for artists, creatives, sole traders and small businesses

WHAT IS DATA PRIVACY?

Unless you’ve been living off-grid for the last few years - and if you have, you’ve come to the right place, and we definitely need to talk - you’ll know a little about data protection. You’ll certainly have heard of ‘GDPR’ (‘the General Data Protection Regulation’), the most recent European data protection law. If nothing else, you’ve probably heard that it’s terrifying. Well, it can all seem complicated, but it really isn’t. At heart, it’s about using peoples’ personal information fairly and safely, being open and honest with them about how you’re using it, and respecting people’s privacy.

The problem is that there’s a lot of scaremongering and misunderstanding about data protection in general, and GDPR in particular. In reality it is not intended to tie you up in knots that stop your business from functioning. Quite the opposite, in fact, because if you get the balance right, you’ll build the trust of your customers - which can only be a positive thing for any business.

ABOUT YOU

You’re an artist, a maker, a craftsperson. You create things. Or you’re a small business, a sole trader, a one-man-band. You supply a product or service to your customers. Or you might be a small charity or not-for-profit group.

Whoever you are and whatever you do – whether it’s painting portraits or kitchens, arranging flowers or mortgages - that’s your thing. You’re good at it and you just want to get on with it. You don’t want to spend time worrying about data protection, because that’s definitely not your thing. You know it’s important but you’re too busy, or it’s too complicated, or it’s too expensive, or maybe you simply don’t know where to start or who to ask.

That’s where I come in. Data protection is my thing, and I can take the stress out of it so you can get on with doing your thing with one less thing to worry about. And that has to be a good thing!

I know what your business really needs

Sounds like a big claim, doesn’t it? I’ve specialised in this field for two decades in some very complex businesses as well as some very simple ones, and I’ve been through two major changes of data protection law, so I really understand it both in theory and in practice. I can separate myth from reality, and real risk from scaremongering. I can tell you clearly what your small business really does and does not need to do. Most important of all, I know that one size definitely does not fit all, and I’ll listen to you and give you advice that works for your business.

Does My Business REALLY Need This?

Yes. Data privacy applies to your business if you hold or use personal information about any individual people. That’s most likely to be your customers, but includes employees if you have them, and any other people your business deals with. That means legally you will have responsibilities and obligations, but the good news is that they won’t be complicated or expensive (unless you’re busy building something to rival Amazon or Google, of course). That doesn’t mean they’re not important, though – and getting data privacy right is an investment in the future of your business.

Some Things The Privacy Guru Does Not Do:

Legalese, management-speak, graphs and matrices - no pictures of smiling executives pointing at charts on this website, are there? - lengthy reports, scare stories, upselling, cross-selling, or hidden charges. And I definitely do not do charging you huge amounts of your hard-earned money for things you don’t need. What The Privacy Guru does do is simple, friendly and approachable, honest advice, plain English, common sense, listening to you, and clear, upfront pricing.

But Lots of Companies Don’t Bother So Why Should I?

Believe me, I know. There are companies large and small who haven’t bothered about data protection, either before or after GDPR – and they’ll probably ‘get away with it’. If you’re thinking ‘why should I bother then?’, take a moment to think: do you want to be a business that cuts corners and ‘gets away with’ things? Do you want your customers to trust you? And how would you feel if another business took the ‘why bother’ approach with your personal data? If you still don’t get it, I really can’t help you! If you do, drop me a line. Then take a deep breath and prepare for a weight to be lifted from your busy shoulders, because the privacy guru is here to help.

26165207_10156837803077656_5425184799551629668_n

ABOUT ME

I’m a data protection and privacy (let’s call it ‘Data Privacy’ because it’s easier to type) specialist with twenty years’ experience of applying data protection law in a wide range of industries and settings. I’ve worked in large global organisations, including some household names, and I’ve also advised small businesses and sole traders, so I understand that your needs are very different from those of a large corporation - as are your time, your priorities and, of course, your budget. I’m also an artist, designer/maker and small business owner, so I know some of the challenges that come with running your own business, particularly in the creative sphere.

MY MISSION

I believe in taking the mystery out of data privacy and keeping it simple. I also believe that good, straightforward, expert advice should be easy to come by and should not cost a fortune. My mission is to provide you with simple and clear data privacy services at a fair, affordable price.

PRODUCTS AND PRICING

Just write me a privacy policy, please! (£75)

No problem. I’ll write you a clear, simple privacy policy that complies with data protection laws and reflects your brand or style.

Why do I need this?

If your business uses any personal information about customers (or staff, if you have them), legally you need to tell them what and where, plus a few other pieces of mandatory information. Don’t worry - you don’t need pages of small print. The very opposite, in fact. Data Privacy law requires you to make your privacy policy clear, simple, concise, honest and understandable.

What’s good about it?

Well, apart from being a legal requirement, the privacy policy is also a chance to show customers that you take data privacy seriously, and to gain their trust.

What do I get for my money?

  • A privacy policy for use on your website, plus (if applicable) a version for offline use
  • Written guidance on how and where to use and communicate your new policy, including guidance on obtaining consents from your customers, if applicable
  • If applicable, a short ‘cookie notice’ for use on your website
  • If applicable, wording to use in obtaining customer consents

What’s included in the price?

  • An initial chat by phone or online where we’ll talk through your needs, I’ll gather the necessary information and we’ll agree timescales
  • Any phone or e-mail conversations we may need to clarify points on either side
  • Up to two rounds of review and revision to the final document (further rounds of revisions are £5 each)
  • A final follow-up chat by phone or online to make sure you’re happy.

A privacy policy and a set of Terms and Conditions (£175)

Double trouble, eh? No problem. I’ll write you a straightforward and understandable set of Terms and Conditions for your business and a clear, simple privacy policy that complies with data protection laws and reflects your brand or style.

Why do I need this?

Your terms and conditions are where you set out what you will provide to your customers, expectations and responsibilities on both sides and the limit of your legal liabilities. In the event of any disagreement, they are there to save your bacon (or, indeed, your Tofu-con if that’s your thing). They’re like the airbag in your car: you won’t truly appreciate them until you really need them, but then you’ll see that they’re priceless.

If your business uses any personal information about your customers, the law requires you to tellthem what information you’re holding and why, along with a few other pieces of mandatory information. This must be a separate document, not part of your terms and conditions.

What’s good about it?

Think of your T&Cs and Privacy Policy as the twin pillars that hold up your business. Done well, they’ll give your customers clarity and you peace of mind. Win: win!

What do I get for my money?

  • A privacy policy for use on your website, plus (if applicable) a version for offline use
  • A set of T&Cs
  • Written guidance on how to use and communicate your new policy and T&Cs, including guidance on obtaining consents from your customers (if applicable)
  • If applicable, a short ‘cookie notice’ for use on your website
  • If applicable, wording to use in obtaining consents

What’s included in the price?

  • An initial discussion by phone or online where we’ll talk through your needs, I’ll gather the necessary information and we’ll agree timescales
  • Any phone or e-mail conversations we may need to clarify points on either side
  • Two rounds of review and revision to the final documentation (further rounds of revisions are charged at £5 each)
  • A final follow-up chat by phone or online to make sure you’re happy.

Help with Marketing (£50)

Just tell me how you’d like to reach your customers or prospective customers and I’ll help you find a legal, fair and effective way to do it.

Why do I need this?

Whether it’s woolly jumpers, window cleaning or widgets, it’s vital to promote your products and services in the right way at the right time. There are lots of misunderstandings about data protection and marketing, and the whole thing can feel like a minefield. It really isn’t, and I can guide you through it.

What’s good about it?

You’ll understand what you can and can’t do to promote your business without annoying either your customers or the regulator.

What do I get for my money?

  • A discussion by phone or online, in which we’ll talk about your business, your marketing aims and ways of achieving them, including whether or not you need to obtain consent. If I can’t provide you with guidance during the call (for example, if I need to review your existing marketing material first) we’ll agree a timescale at this point.
  • Written confirmation of the advice and guidance advice I’ve given during the consultation
  • If applicable, a set of wording you can use to obtain consent to marketing, and guidance on how and where to use it.
  • If applicable, a set of marketing-related wording for you to include in your privacy policy

What else is included in the price?

  • Any phone, online or e-mail conversations we may need to clarify points on either side
  • One round of revisions to any wording I prepare for you (further rounds of revision are £5 each)

What’s not included?

  • Advice on any aspect of marketing other than data protection/privacy (although I may point out any issues I feel you need to address)

Important note: more complex businesses

This package is suitable for most artists, creatives and small businesses. However, if your business operates in a regulated industry, carries out online marketing via third parties; buys, sells or shares marketing data, or has other more complex arrangements there will be an additional charge. If this applies, I’ll confirm it with you in our initial meeting.

New company set-up package (£275)

Maybe you’re just starting out on your own, building a website to sell your work or setting up as a business. You might even be buying a small business. Whatever you’re doing, it’s a busy time and you’ll have plenty to think about without worrying about data privacy. Yet sorting it out now can save you time, money and hassle further down the line. It needn’t be complicated, and it needn’t cost you an arm and a leg. Starting out in the right way means you’re setting yourself up for success – and who doesn’t want that?

Why do I need this?

There are a few basics that every business needs to have in place to make sure it stays on the right side of the law, so call in the Guru and cross a few things off your ‘To Do’ list!

What’s good about it?

You get all the data privacy basics you need at this stage, plus a set of terms and conditions for your business, all in one lovely little package. And, if that wasn’t enough, you have the confidence of knowing there’s an expert just a phone call away over those first few months of trading!

What do I get for my money?

  • An initial discussion phone where we’ll talk about your business and establish needs and timescales
  • A privacy policy for use on your website (and a version for use offline if you need it)
  • A set of Terms and conditions for your business
  • If applicable, a cookie notice for use on your website
  • A detailed set of guidance tailored to your business and including, as applicable: storing and deleting information, marketing, how to handle data privacy requests from customers, how to handle a data breach, data sharing and basic data security measures.
  • If applicable, suitable wording for use in obtaining customer consent (e.g., if you’re signing people up to a newsletter or mailing list)
  • Registration with the ICO - a legal requirement for most businesses. The ICO registration fee of approx. £40 is included in the price. If you’re exempt from registering or if you’re already registered, I’ll deduct this from your bill.
  • Over the 3 months immediately following completion of all the above, should you need it, the Guru will answer 3 simple data privacy questions or assist you with 3 simple data privacy issues.

What else is included?

  • All e-mails or phone/online calls needed to clarify points on either side
  • Review of any data privacy-related documents you may already have in place
  • Reasonable amount of research, if this is necessary due to any special requirements of your industry or sector.

What’s not included?

  • Advice on any aspect of your business other than data privacy and Terms and Conditions.

Data sharing – scary contract stuff! (£85)

If your business shares personal data with any other organisation, both you and it are liable for what happens to the data while they’re using it. Data privacy law requires you to have a written contract or data sharing agreement in place which must include certain things. Contracts can look terrifying if you’re not used to dealing with them, but they needn’t be. I can help.

Why do I need this?

As well as being a legal requirement, the data sharing agreement or contract is where you set out exactly what you’re allowing and requiring the other party to do with personal data and vice versa. It’s an important document and you’ll rely on it in the event of any problems, so you need to have the right wording in place and – most importantly – you need to understand what that means in practice for your business.

What’s good about it?

You’ll get the peace of mind that comes from knowing that your contracts comply with the law and you’ll understanding the rights and responsibilities you’ve signed yourself up to.

What do I get for my money?

  • If you already have a contract or a template, I’ll review it and either make, or provide you with a list of, the changes needed to bring it into line with data privacy law

  • If you don’t already have a suitable contract or data sharing agreement in place, I’ll write a set of template paragraphs for you to include in, or use alongside, any future contracts.

  • I’ll explain to you (and confirm in writing) what the wording in the data privacy sections of your contract mean in practice for your business.

What else is included?

  • Initial discussion by phone or online
  • Any phone/email/online conversations needed to clarify points on either side
  • Two rounds of review and revision to the final documentation (further rounds of revisions are charged at £5 each
  • A final follow-up chat by phone or online to make sure you’re happy.

What’s not included?

  • Review of, or advice on, any sections of the contract that don’t relate to data privacy, confidentiality, and security (although I may, at my discretion, and without additional charge, offer general comments or suggestions on other aspects of it as I go through the document).
  • Advice on any commercial aspects of the contract, its overall legality or its overall suitability for your business.

Important note:

Depending on the nature and value of the contract, you may still need to seek advice from a legal advisor to ensure you are compliant with contract law and any other requirements that apply to your industry or activity.

Emergency Support Package (£500)

Sometimes, despite the best of intentions, things go wrong. That’s life. Perhaps you’ve lost some customer information; maybe you’ve sent some sensitive details to the wrong person, or been hacked, or left your laptop on the train. What do you do? You act fast and call in The Privacy Guru.

Why do I need this?

The most important thing about a crisis is that you face up to it and handle it quickly, calmly and effectively. In some situations, you are legally required to notify your customers of a data breach and, if it’s really serious, you may need to inform the Information Commissioner’s Office, but it’s not always easy to know what to do when you’re in the thick of it. That’s where I come in. I’ll help you through it calmly, discreetly and with no drama. And don’t worry: whatever it is, I’ve seen and heard it all before!

What do I get for my money?

  • An initial discussion in which we’ll discuss immediate steps you need to take to try and stem the damage

  • A clear plan of what to do next - including whether and how to notify people of what’s happened - as well as longer-term remedial and preventative actions

  • If necessary, I will manage contact with the Information Commissioner’s Office on your behalf.

  • Suitable wording, where applicable, for notifying customers or staff of the issue

  • If applicable, preparation of response letters for the Information Commissioner’s office until the matter is resolved

What else is included?

  • Phone, email and online support with managing the situation through to resolution
  • Two follow-up calls (time/dates agreed between us) once the problem is resolved to see how things are going post-recovery

What’s not included?

  • Any further advice or support once the crisis has been resolved (other than in the two scheduled follow-up calls)
  • Advice or support on any issues not directly related to the crisis in hand
  • Support with any legal action or ICO enforcement action that may result from the crisis (This is available at extra cost)

Data Privacy Health Check (£100)

Your business has been going a while and maybe you haven’t given much thought to data privacy, or perhaps you have but would like some reassurance that you’re doing it right. Maybe all the talk of ‘GDPR’ has been niggling away at the back of your mind. Well, you’ve come to the right place. I’ll take a detailed look at your business and tell you how you’re doing, and whether there’s anything you need to do differently and help you get to where you need to be.

Why do I need this?

If you’re handling any kind of information about individual people – customers, employees or anyone else, you have legal responsibilities over that data. Ignoring these and hoping nothing ever goes wrong can prove a costly strategy - prevention is always better than cure!

What do I get for my money?

  • Initial discussion where we’ll talk about your business and its needs and agree work and timescales

  • Review of any existing data privacy wordings, policies and processes you already have in place, if applicable

  • Review of your Terms and Conditions

  • If applicable and necessary, I’ll visit your premises to look at, for example, your physical security arrangements

  • A de-brief meeting where we’ll talk through what I’ve found and a written summary with recommendations in order of risk and priority

  • If applicable, a clear written plan for tackling the risks and recommendations I’ve identified

  • Simple amendments to any existing data privacy policy or wordings (if a complete re-write or more substantial changes are needed, they will be subject to an extra charge if you decide to go ahead with them.)

  • Simple amendments to your Terms and Conditions (If a complete re-write or more substantial changes are needed, they will be subject to an extra charge, should you wish to go ahead with them.)

  • Scheduled follow-up discussion after 3 months to see how things are going

What else is included?

  • All Calls/emails we may need to clarify points on either side
  • A reasonable amount of research if needed

What’s not included?

  • New documents created for you completely from scratch (for example if I write a completely new privacy policy for you rather than updating one you already have)
  • If applicable, the Information Commissioner’s Office registration fee (Approx. £40)

Help for employers (£130)

Taking on an employee, eh? Well, look at you with your expanding business. Congratulations! Employing people does bring its own challenges. Data privacy need not be one of them, so let me help you through it and take at least one weight off your mind.

Why do I need this?

Data privacy applies to personal information about employees just as it does to customer data. As an employer you have legal responsibilities over employees’ data and their privacy at work, and they have legal rights. There are a few small but important legal differences between employee and customer information, which are potential pitfalls for the unwary but expert help at this stage can help you avoid them!

What’s good about it?

As well as the obvious peace of mind that comes with knowing you’re on the right side of the law, your employee(s) will know they can trust you with their personal information - and you want happy staff, don’t you? Of course you do!

What do I get for my money?

  • Initial discussion, where we’ll talk about your business and its needs, I’ll gather the information I need, and we’ll agree timescales.

  • Clear written advice on what to do, ordered by risk and priority level

  • Preparation of any necessary wordings or documents, as applicable, such as a privacy policy for your employees and suitable wording to go in your employment contracts.

  • A wrap-up discussion to ensure you understand the advice provided and answer any final questions.

What else is included?

  • Any phone calls or e-mails we may need to clarify points on either side
  • Review of any existing documentation you may be using

What’s not included?

  • Advice on any aspect of your business other than data privacy as it relates to employment and employees.

I have a silly question… (£25)

No, you don’t - because while there are many questions in data privacy, none of them are silly. It might be ‘how long can I keep this type of information?’, ‘can I share this bit of information with my customer’s partner?’ or ‘Is this data secure enough?’ It could be about buying data, storing data, selling data, deleting data, talking to customers, sending data abroad, using another company to manage your mailing list, how to identify a customer over the phone. It could be absolutely anything. But don’t worry about it – just talk to the Privacy Guru and I’ll answer it for you.

Why do I need this?

Well, you could use Google - but how do you know you’re getting accurate information? (And you know you’ll get side-tracked looking at cat videos). If you have a question about data privacy, it’s always best to get the answer from an actual expert, which is me. And, what’s more, I’ll explain it to you in words a normal person will understand!

What’s good about it?

You get a clear answer to your question from someone who’s been doing this data privacy stuff for 20 years. There’s nothing I haven’t heard before and I’m dead friendly, honest!

What do I get for my money?

  • A phone or online call (or e-mail if you prefer) to discuss the topic that’s bothering you

  • Written confirmation of the advice I give, so you don’t need to scribble down notes.

What else is included?

  • If applicable, review of any relevant documents/paperwork
  • A reasonable amount of research, if needed
  • Reasonable follow-up questions by e-mail or phone

What’s not included?

  • Advice or guidance on anything not directly related to the query in hand.

Annual Subscription Package (£600 annually (paid in advance) OR £60 by monthly standing order)

If you’d like to have advice and expertise on call, with reassurance that brings, you can choose to take out an annual subscription and the Privacy Guru will hold your hand. Not literally, of course, because that would be weird. And we’ve only just met.

Why do I need this?

This package is designed to give you the confidence of knowing that an expert has looked at your business and set you on the right path, with the added peace of mind that comes from having friendly, expert help and support just a phone call or mouse-click away.

What’s good about it?

Your very own Data Privacy Officer – an industry expert, no less - on call for a whole year but without having to make her coffee, listen to her droning on all day about her cats or put up with her annoying habit of throwing things at the bin and missing. I’d say that’s a win!

What do I get for my money?

The annual package is designed to be bespoke, so we tailor it to your needs, but as a guide, you’ll get:

  • An initial meeting/discussion at which we’ll talk in detail about your business and its and work out a plan for the year
  • A clear, written version of that plan so you’ll always know what we’ve agreed to do, when and why.
  • If applicable, a clear written summary of risks, issues and recommendations, ordered by risk and priority.
  • A review of your existing T&Cs, privacy policy and any other data privacy related documents you may already have
  • Registration with the Information Commissioner’s Office (a legal requirement for most businesses). If you’re already registered, or are exempt from registration, the £40 ICO registration fee will be deducted from your first month’s payment.
  • If applicable, a visit to your business premises to look at physical security measures and data storage arrangements
  • Preparation of the following if you don’t already have them (and as needed): privacy policy, terms and conditions, cookie notice, data retention and destruction plan, contract wording, process for handling data requests from customers and any other necessary documents OR, if you do already have them in place, I’ll review and update them.
  • Access to our online data privacy training module, developed with our friends over at Sun Spiral training
  • Quarterly meetings (usually online) throughout the year, to check how things are going
  • Reasonable amount of E-mail and phone/Zoom support throughout the year
  • Emergency support, should the worst happen and a data privacy breach or a customer complaint occur
  • Throughout the year, I’ll proactively keep you informed of any changes in the law or regulation that affect you, recommend actions you need to take and update your bespoke plan as appropriate
  • I’ll handle any interactions with the Information Commissioner’s Office for you

What else is included?

  • If applicable, a reasonable amount of research into relevant data privacy matters
  • Other items at my discretion
  • Goodness me, what more could you possibly want?!

What’s not included?

  • Review or preparation of any documentation other than those relating to data privacy and your terms and conditions
  • Advice or guidance on anything not data privacy related

An Audience with the Privacy Guru (£250 half day - £400 full day)

I’m sorry to disappoint, but this is not as exciting as an audience with the Dalai Lama, although it will bring you some peace of mind. The ‘in person’ option is ideal for a group of artists/creatives or small businesses sharing studios/offices or based near each other. Even better, now that we all know that Zoom is a truly wondrous thing, you and your friends/colleagues can even be at opposite ends of the country, and we can still do this effectively!

Why do I need this?

You get to club together with friends or fellow businesses and have a group session with the privacy guru and split the cost between you.

What’s good about it?

What isn’t good about it? You get a whole day or a half day with the Privacy Guru, and split the cost with your friends.

What do I get for my money?

The format and subject matter are tailored to your needs, but the most popular options are:

  • A question-and-answer session
  • An informal training session, where I talk you all through a particular aspect of data privacy, such as marketing or data sharing
  • A more formal training session on data privacy where I deliver a tailored session to the group
  • A ‘drop in’ clinic where I spend a day or half day at your premises and you drop in with your individual queries or, if you prefer, book timeslots with me.
  • Or the online equivalent of a ‘drop in’ clinic where we book time slots throughout the day, so you all have some time with me over Zoom (or Teams or Skype, as you prefer)

What else is included?

  • Initial discussion to find out what you need and arrange times/dates etc
  • Preparation of a tailored session, if applicable
  • A reasonable amount of research, if applicable
  • Written summary of advice and recommendations given
  • Each participant gets a 10% discount on the Privacy Guru’s other services, valid for one year.

What’s not included?

  • Venue hire, if applicable
  • Detailed review or preparation of individual businesses’ documentation (unless by prior agreement)

NEW for 2021 – The Privacy Guru does terms and conditions too!

It isn’t data privacy, but one thing that goes hand in hand with it is a good, clear set of terms and conditions for your business website. Your ‘T&Cs’ are where you set out what you’re offering, your rights and responsibilities, what you’ll do and what you expect from your customers. They’re also what you’ll rely on in the event of a dispute, so it’s important to get them right - but they won’t bail you out in your hour of need if they’re not clear and understandable.

Copying a chunk of templated legal text from the internet or from another business may seem like a great money-saving idea but it’s a false economy if you can’t rely on it when you need it. However simple your business, a good set of T&Cs will be worth its weight in gold in the unfortunate event that you ever need to rely on it. It shouldn’t go on for miles or be written in legalese. Neither should it cost a fortune. Trust me, it’s worth doing properly - and I’m here to help.

What to do now?

What are you waiting for? Drop me a line! I’m looking forward to meeting you.

CONTACT

NEW – Data Privacy online training!

We’ve teamed up with our friends at Sun Spiral, an independent e-learning company providing self-led online training and one to one coaching for professional development, to offer you online training in Data Protection for only £25.

It’s written for ordinary people, whether or not they have any data protection knowledge, and it explains data privacy in a simple and understandable way. You can find out more, and sign up here: Sun Spiral

Cookies

The Privacy Guru loves cookies, but only the edible kind. The internet kind, not so much. This website doesn’t use cookies or similar technologies to collect any personal data about you. It only uses them where essential to make the site work. So go ahead and browse all you like, safe in the knowledge that Big Brother is not watching you! If you work with the Privacy Guru, you will of course need to provide some personal information and that’s all explained in the Privacy Policy below.

Privacy Policy

As a data privacy professional, I get to talk about personal data all day long yet I actually handle very little of it myself. All the fun with less of the responsibility, you might say. Although you might, quite rightly, also challenge my definition of ‘fun’.

I’ll always minimise the personal information I use in my work but of course I will need some. As you’d expect, I practice what I preach so this policy sets out the ‘who’, ‘what’, ‘when’ and ‘why’. I’ve kept it simple because it is simple, but if you have any questions after you’ve read it or would like more detail about anything in it, please drop me a line.

In case you’re in a particular hurry, I’ve highlighted some sections that you really do need to read before we start working together. Please do take a minute or two to read them.

First things First

Let’s make sure we all know what it is we’re talking about here. I use the terms ‘personal data’ and ‘personal information’ inter-changeably because that’s just how I roll. Sometimes I shorten it to ‘data’ or ‘information’. If we were in a room full of privacy professionals there’d be lengthy debate about how exactly I’m using those terms. That’s what privacy people are like when we get together (imagine a room full of accountants but with all the fun taken out. And fewer fancy cars parked outside). Fortunately, I’m the only privacy person in this room so for the purposes of this policy and website all four of those terms refer to what data protection law defines as ‘personal data’. That’s information about an identifiable living person, i.e. you, my client. You’re the one I’m talking about when I use ‘you’, ‘your’, and ‘yours’ here. Obvious, I know, but stick with me; this stuff is important and it’s always best to be clear.

You and your business

When you’re a small business, particularly a sole trader, the line between work and personal isn’t always clear-cut. You are your business, so information about your professional life can also be, in effect, information about you as a private individual. Please be assured that I treat all information as equally important and give it the same level of care, protection and respect.

Who are you, Privacy Guru?

That’s not a lesser-known song by Marc Bolan, but I bet you’ve got it stuck in your head now. ‘I’, ‘me’, we’, ‘us’ and ‘our’, of course, refer to The Privacy Guru. That’s a trading name of Louise Wiseman Limited, registered address 3 Charnwood Street Derby, DE1 2GY. Louise Wiseman Limited is a ‘data controller’ for the purposes of data protection law, which means I’m legally accountable for the way I use your personal data.

Where I refer to ‘Current Data Privacy law and regulation’, ‘Data privacy law’ or ‘Data Protection law’ I mean the data protection law and regulation that’s currently in force here in the UK. At the present time (August 2021), that’s EU General Data Protection Regulation 2016/679 (‘GDPR’) as applicable to the UK, the UK Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 (as amended most recently 2018), and applicable secondary and supporting law and regulation.

The Information Commissioner’s Office is the UK’s data protection regulator, which I may just refer to as ‘the regulator’ or ‘ICO’

What personal information does the Privacy Guru collect?

  • On this website: None. And we don’t track you around the internet either. That’s a refreshing change isn’t it?
  • Enquiries: If you contact me but we don’t take things forward, I won’t hold onto your contact details or query.
  • Working together: To provide you with the service you’ve asked for, I’ll need some information about you but it will usually be limited to contact details, e-mails and order/payment details. If I ask for any other personal information about you or another person, such as someone who works for or with you, I’ll explain why I need it and then only use it for that specific purpose.
  • Information provided by someone else: Occasionally, a mutual contact gives me someone’s details and suggests I get in touch with them. If that happens, I’ll tell you who which of your friends referred you and check that anything they’ve told me is correct. If we don’t take things further, I won’t contact you again or hold onto your details unless you ask me to.
  • Information you share while we’re working together: confidentiality: This should go without saying, but anything you tell me or anything I see, hear or read about you while we’re working together will remain confidential. That applies to all types of information, personal or otherwise. Whether it’s the state of your bunions, gossip about your business partner, your annual turnover or your strategy for world domination, it goes no further, ever. In the interests of transparency, though, please do read the paragraph, ’who does the Privacy Guru share information with?’, which outlines extreme circumstances in which I might be compelled to share details about you. Conspiracy theorists will love it. The rest of you, please don’t have nightmares.

How do you use my personal information?

I’ll use it only to do the work we’ve agreed and to maintain my accounts and business records. Note to any data privacy nerds out there: in the language of the GDPR, this means I’m processing data on the grounds of ‘contractual necessity’ and ‘legitimate interests’ respectively. If I need or want to use your data for any other purpose, I’ll ask you first and you’ll be free to say no.

Nobody likes a pessimist, but it’s best to be clear from the start, so please note that in the unlikely event that I need to defend or protect myself in legal proceedings, I’ll use your personal data as far as is needed for that purpose. But let’s not dwell on the negatives. Moving swiftly on to…

How long do you keep my personal information?

I keep personal information only as long as it’s needed to meet legal obligations and keep accurate and meaningful business records. In practice that means keeping basic details (the things you’d expect to see on an invoice) for seven years for tax purposes, and anything else for a maximum of twelve months after we finish working together.

Who does the Privacy Guru share my personal information with?

You’ll be pleased to hear that I don’t, and I won’t, unless:

  • You ask me or give me consent to do so,
  • It’s an unavoidable part of the information I need to share with my accountant or other similar professionals,
  • There’s a major dispute between us (pessimists, conspiracy theorists and budding supervillains take note) and I need to involve lawyers, courts, debt-tracing agents or similar.
  • Even less likely to happen, if you do turn out to be a supervillain (or even just a standard villain) and the police, HMRC or any similar body comes knocking with a valid warrant or court order for information about you. I’ll always check their documentation is legal and valid before I divulge the little information I have about you, but I’m a privacy guru not a freedom fighter, so I will comply with the law.

What rights do I have over my personal data?

Data Privacy law gives you several rights over your personal data, but as the information I collect about you is both minimal and vital for us to do business, most won’t apply in this context. For that reason, and because we all hate long privacy policies, I’ve decided not to go into detail about them all here. Instead, I’ll simply say if you have any questions about this, just ask me. Alternatively, have a look at the ICO website (link below) which is a great resource on all aspects of data protection.

I do, however, need to make you aware of the following three rights that could apply here:

The right to have errors in your personal data rectified.

It’s in both our interests that I have accurate information, so if you think I’m holding any data that’s inaccurate, please let me know and I’ll update it pronto.

The right to know and see the personal information I hold about you.

I’ve explained (‘What information does the Privacy Guru collect?’) what I hold and why, but if you’d like a copy, please let me know. It will usually consist only of contact details, any e-mails and a list of the work done and price paid, so it won’t be exciting. No secret dossiers here, I’m afraid.

The right to complain to the Information Commissioner’s Office (ICO)

If you believe I’ve breached data privacy law, you have the right to complain to the ICO. I hope you never need to do so, and that if there’s ever a problem we’ll resolve it amicably between ourselves, but this important right is there if you need it, and the ICO is at https://ico.org.uk

Cookies & Privacy Policy

Terms and Conditions: A Few Things You Need to Know Before We Work Together

I know, I know, nobody reads these things, do they? They are important, though, and you are accepting both these and our privacy policy when you engage The Privacy Guru so we really would advise you to spend a few minutes reading them. If you’re in a hurry, please make sure you read the highlighted sections as these are things that you really should know before we do business together.

  1. It’s probably obvious, but…

In this document, and elsewhere on this website, ‘we’, ‘me’, ‘I’, ‘our’ and ‘my’ mean The Privacy Guru (‘The Guru’ or ‘TPG’), while ‘You’ and ‘your’ mean the individual or small business engaging The Privacy Guru’s services.

Services’ refers to the work you’re engaging us for; data protection and privacy advice, guidance, support, expertise or documentation of any nature and in any format. Similarly, ‘advice’, ‘guidance’, ‘support’, ‘work’, ‘products’ and ‘packages’ refer to the services we offer or provide.

Any agreement between us is governed by English law.

Please also have a look at our privacy policy, which explains how we use your personal information

  1. The Privacy Guru: who we are, what we offer and who can use our services

The Privacy Guru is a trading name of Louise Wiseman Limited, registered office 3 Charnwood Street, Derby, DE1 2GY. The name ‘The Privacy Guru’ is a trademark owned by Louise Wiseman Limited.

The Privacy Guru exists to provide affordable, independent data protection and privacy expertise that’s tailored to the needs of artists, craftspeople, creatives, sole traders, small businesses, local charities and not-for-profit groups. Our services are designed and priced to suit these individuals and groups, whose data privacy needs are typically straightforward but who might otherwise be unable to afford the cost of expert data privacy advice.

TPG’s services are not intended for larger organisations, which typically have more complex needs and will be better served by our sister company, Wiseman Data Privacy, which offers a broader and more in-depth range of services and has a different pricing structure. We have sole discretion to decide whether your business is better suited to working with The Privacy Guru or Wiseman Data Privacy and, where applicable, will discuss and confirm this with you before we agree to work together.

Our lower prices require fair play on the part of our customers, so please be honest about the size, structure and nature of your business, as if it later comes to light that you have given false or misleading information in order to obtain cheaper services, I reserve the right to:

  • Cease any work in progress and stop providing services to you without refunding any money paid up to that point; and/or
  • Where work has already been completed, require you to pay the difference between the amount you have already paid and the amount you would have been charged for the same work had it been carried out through Wiseman Data Privacy.

We reserve the right to take on work from any person or organisation at any point for any reason.

  1. What Counts as a ‘Small Business’?

For the purposes of determining eligibility for The Privacy Guru’s services, a ‘small business’ is a business with no more than three employees in total, including the owner/director. At our sole discretion, we may take into account other factors such as your company’s annual turnover or legal structure, and if there’s any doubt about eligibility, we will discuss and confirm it before agreeing to work together.

  1. Charities and not-for-profit groups

The Privacy Guru’s services are suited to the needs of small local charities and community groups. Local branches of larger national charities may also be eligible for our services, depending on factors such as whether they are self-governing or centrally governed, and the level of support and funding they receive from their national headquarters. If applicable, we’ll discuss and confirm eligibility before any work is agreed and I may instead offer to provide services through our sister company, Wiseman Data Privacy, charged at the applicable Wiseman Data Privacy rates.

If you are a local branch of a national charity, it is your responsibility to obtain any necessary permissions, budgetary approvals, brand guidelines or other requirements from the charity’s headquarters before engaging our services. Once work is complete, you are responsible for obtaining necessary approvals to use any internal or public-facing documentation we create for you.

  1. Pricing, Discounts and Promotions

The Privacy Guru exists to bring data privacy expertise within the reach of small businesses which might otherwise be unable to afford it, and our services are priced accordingly. We may sometimes offer promotions, offers or discounts to certain types of business or individual, and may require you to provide reasonable proof of eligibility before applying the discount. We reserve the right to introduce, change or withdraw these at any time with no notice, but will honour discounts already agreed in writing. We may change The Privacy Guru’s prices at any time with no notice, but will always honour prices agreed in writing for work that is already confirmed, scheduled or in progress.

  1. What if I’m based outside the UK?

The Privacy Guru is UK-based so primarily offers services to businesses and individuals within the UK but we’re usually happy to work with businesses outside the UK, so by all means get in touch! If your location means I need to undertake additional research or work, I reserve the right to charge an additional fee or offer instead to provide services through our sister company, Wiseman Data Privacy, but we’ll confirm this before any work begins.

  1. What to Expect When you’re working with The Privacy Guru

Once you’ve engaged our services:

  • We agree to provide you with data protection and privacy expertise, guidance and support as detailed in the relevant product page on this website (and re-confirmed to you via e-mail before work begins), based on the information you give us about your business and in line with the current legal and regulatory framework.
  • You agree to pay all amounts due for the work agreed, including any additional agreed items such as mileage. You also agree to provide any information we reasonably request about your business so that we can give you the most appropriate advice and support. The Privacy Guru is not liable for loss or damage of any kind that results from your failure to give us complete or accurate information about your business.
  1. What is and isn’t Included?
  • Before engaging our services, please ensure you understand what is and is not included in the package or product you have selected. Before any work begins, we will confirm by e-mail exactly what you can expect TPG to do, any documentation you can expect to receive, the agreed price and any other items such as mileage that are to be billed separately.
  • Once you have indicated your agreement, whether orally or by e-mail, you are liable to pay the amounts stated (subject to cancellation terms detailed below), so please ensure you raise any queries before work begins.
  • Laws and regulations change, and case law develops over time. The guidance we provide is valid when given and for the reasonably foreseeable future and will always take account of any upcoming changes of which we can reasonably be expected to be aware, but it may not remain valid if law, regulation or your business changes significantly. Unless you have signed up to an ongoing subscription package, it is your responsibility to seek further data privacy advice in the event of any future significant changes in law, regulation, your business or your industry, to ensure you remain compliant.
  • If we agree to add any additional work or items once work is underway, we will confirm the details and the price in writing before we do it.
  • If you purchase a specific ‘package’ or service, we will provide only that agreed package. While we’re working with you we may, at our discretion and without charge make suggestions or offer opinion or advice on other data privacy issues unrelated to that specific package, but this will be additional to the package or service you have purchased. It goes without saying that TPG cannot be held liable for not offering or providing advice and guidance on any issue that is not part of the specific service you have purchased. If you believe you may need advice or guidance on a separate issue, you should purchase the appropriate service or package or additional advice on the additional topic.
  • Where we undertake a more thorough review of your business, such as ‘a look under the bonnet’, ‘am I GDPR compliant?’ or the ‘new company start-up’ package, we will provide recommendations ordered by risk and priority, but it is your decision whether to act upon them, in which order to do so and when. TPG cannot be held responsible if your failure to act or to follow our recommendations leads directly or indirectly to loss or damage.
  • If we become unable to complete the agreed work, we will inform you immediately and refund any money you have paid to that date
  1. Meetings, Phone Calls and Timescales

It’s always nice to be able to meet clients face-to-face but, at the same time, the Privacy Guru aims to make expert advice and guidance affordable so we do our best to keep costs low wherever possible. We aim to conduct most discussions over the phone or online (via Zoom, Teams, Skype or Facetime) rather than in person.

Where applicable to the service you have purchased, you are located within a reasonable distance of our base in the East Midlands and any Coronovirus restrictions allow, we may agree to meet with you in person. We will charge mileage at the current HMRC rate.

We’ll agree timescales for the completion of work during our initial chat/meeting and I’ll confirm it by e-mail. If there is any delay to the timescale we have agreed, I will let you know as soon as I know and confirm a new completion date. If you have paid extra to ‘upgrade’ to a quick turnaround and I am then unable to meet that timescale, I will refund or deduct the additional ‘upgrade’ fee you have paid but you will remain liable for the price minus that fee.

  1. Subscriptions

If you purchase a subscription package, I will provide the services detailed in the product description (and re-confirmed after our initial discussion). All calls/meetings must be carried out within the year of the subscription and cannot be carried over to the next year unless by prior agreement with me. Your subscription will continue until it is cancelled in writing (by email) by you or us.

If we intend to cancel your subscription, we will give you at least one month’s notice. Please give us one month’s notice if you intend to cancel your subscription.

If you pay quarterly, you will forfeit the payment already made for that quarter. We will provide you with any documentation or other work due in that quarter.

If you pay annually, we will refund the unused portion of your subscription fee (pro-rated by the number of months remaining) minus a reasonable charge for work already carried out and provide you with any documents in progress at the time of cancellation.

  1. Subscription and emergency support packages

The purchase of either of these packages does not amount to or imply any employment relationship between us, nor does it include or imply any ongoing relationship or support outside of that package. If you ask me to act on your behalf, for example when dealing with a regulator, I will make it clear to the other party or parties that I am an independent advisor acting on your behalf and not employed by you or otherwise linked with you or your company.

  1. Payment

Payment for all services is due immediately on completion of the work. The work is complete when I have carried out all agreed actions, provided you with the final version of all agreed documentation and (where applicable) we have held any wrap-up call. I will issue an invoice for the outstanding amount along with or shortly after the final documentation. If we cannot schedule or hold any applicable wrap-up call within seven days of completion of the rest of the work, all amounts will become due even though the meeting has not yet been held.

For all items priced at more than £200 you will be required to provide a non-refundable deposit of 50% before work begins, and this is due immediately after our initial discussion, with the balance due once the work is complete. If you change your mind once work has begun, you will forfeit your deposit and any work underway will cease immediately.

Payment can be made by PayPal or bank transfer. Subscriptions are payable annually in advance by either of those methods, or quarterly by standing order.

Where work is undertaken at an hourly rate, anything less than one hour will be rounded up and charged as one full hour. After the first hour, anything over 30 minutes will be rounded up to a full hour.

  1. Non-payment


If you fail to pay for work completed, I will take the necessary action to recover the money owing and any costs incurred in doing so and will share your details as necessary in order to do so.

If you have opted to pay quarterly for a subscription and you fail to pay, we will issue one reminder (by email), after which we will cease all work and the subscription will be considered terminated. No further advice or documents will be provided to you, including any that were in progress at the time you ceased payment.

If your quarterly standing order is unpaid/returned by your bank, you will be liable for any bank charges we incur as a result.

  1. Right to use the documents I provide

Copyright to all documentation produced belongs to The Privacy Guru, but we give you an ongoing right to use them for the business and purposes for which they were designed/created. You must not:

  • Share them with any other business or organisation without our express permission
  • use them for any other purpose or modify them without our prior agreement
  • Use the trademark ‘the Privacy Guru’ or our logo without our prior written agreement

Please note that all advice and guidance we give is applicable only to your business and based on the circumstances and details we have discussed. What is right for your business may not be right for another. Please do not share the guidance I provide unless you have our prior consent.

  1. Fair Play

Most of The Privacy Guru’s packages and services include ‘reasonable’ phone or e-mail queries or research. It is difficult to be precise, but ‘reasonable’ means what I consider to be normal and necessary in the circumstances, considering the amount you have paid/agreed to pay, the circumstances and the level and type of service I am providing to you.

The Privacy Guru is intended as an affordable, friendly, and straightforward service but relies on fair play on both sides, so if I consider your usage of my service not to be reasonable, I will tell you so and may at my discretion charge an additional fee, refuse to answer further queries or, ultimately, terminate our relationship with immediate effect.

  1. If things go wrong…

Before any work begins, we’ll confirm by e-mail the work to be carried out, price and timescales to give clear expectations on both sides. I will keep you informed of any problems or delays that arise at my end. I would ask the same of you, and if there’s anything you’re unhappy with or don’t understand, or anything that might affect your ability to pay, please let me know as soon as possible so we can sort things out quickly and stay friends!

I accept no liability for any amount greater than the amount you have paid to me for the services I have provided, unless I am found to have acted negligently or recklessly in providing those services, in which case my total liability will be limited to £250,000

Terms & Conditions

Site content © The Privacy Guru. Site design by Applebox Designs.