TAKING THE STRESS OUT OF DATA PRIVACY

for artists, creatives, sole traders and small businesses

WHAT IS DATA PRIVACY?

Unless you’ve been living off-grid for the last few years - and if you have, you’ve come to the right place, and we definitely need to talk - you’ll know a little about data protection. You’ll certainly have heard of ‘GDPR’ (‘the General Data Protection Regulation’), the most recent European data protection law. If nothing else, you’ve probably heard that it’s terrifying. Well, it can all seem complicated, but it really isn’t. At heart, it’s about using people’s personal information fairly and safely, being open and honest with them about how you’re using it, and respecting people’s privacy.

The problem is that there’s a lot of scaremongering and misunderstanding about data protection in general, and GDPR in particular. In reality it is not intended to tie you up in knots that stop your business from functioning. Quite the opposite, in fact, because if you get the balance right, you’ll build the trust of your customers - which can only be a positive thing for any business.

ABOUT YOU

You’re an artist, a maker, a craftsperson. You create things. Or you’re a small business, a sole trader, a one-man-band. You supply a product or service to your customers. Or you might be a small charity or not-for-profit group.

Whoever you are and whatever you do – whether it’s painting portraits or kitchens, arranging flowers or mortgages - that’s your thing. You’re good at it and you just want to get on with it. You don’t want to spend time worrying about data protection, because that’s definitely not your thing. You know it’s important but you’re too busy, or it’s too complicated, or it’s too expensive, or maybe you simply don’t know where to start or who to ask.

That’s where I come in. Data protection is my thing, and I can take the stress out of it so you can get on with doing your thing with one less thing to worry about. And that has to be a good thing!

I know what your business really needs

Sounds like a big claim, doesn’t it? I’ve specialised in this field for two decades in some very complex businesses as well as some very simple ones, and I’ve been through two major changes of data protection law, so I really understand it both in theory and in practice. I can separate myth from reality, and real risk from scaremongering. I can tell you clearly what your small business really does and does not need to do. Most important of all, I know that one size definitely does not fit all, and I’ll listen to you and give you advice that works for your business.

Does My Business REALLY Need This?

Yes. Data privacy applies to your business if you hold or use personal information about any individual people. That’s most likely to be your customers, but includes employees if you have them, and any other people your business deals with. That means legally you will have responsibilities and obligations, but the good news is that they won’t be complicated or expensive (unless you’re busy building something to rival Amazon or Google, of course). That doesn’t mean they’re not important, though – and getting data privacy right is an investment in the future of your business.

Some Things The Privacy Guru Does Not Do:

Legalese, management-speak, graphs and matrices - no pictures of smiling executives pointing at charts on this website, are there? - lengthy reports, scare stories, upselling, cross-selling, or hidden charges. And I definitely do not do charging you huge amounts of your hard-earned money for things you don’t need. What The Privacy Guru does do is simple, friendly and approachable, honest advice, plain English, common sense, listening to you, and clear, upfront pricing.

But Lots of Companies Don’t Bother So Why Should I?

Believe me, I know. There are companies large and small who haven’t bothered about data protection, either before or after GDPR – and they’ll probably ‘get away with it’. If you’re thinking ‘why should I bother then?’, take a moment to think: do you want to be a business that cuts corners and ‘gets away with’ things? Do you want your customers to trust you? And how would you feel if another business took the ‘why bother’ approach with your personal data? If you still don’t get it, I really can’t help you! If you do, drop me a line. Then take a deep breath and prepare for a weight to be lifted from your busy shoulders, because the privacy guru is here to help.

ABOUT ME

I’m a data protection and privacy (let’s call it ‘Data Privacy’ because it’s easier to type) specialist with twenty years’ experience of applying data protection law in a wide range of industries and settings. I’ve worked in large global organisations, including some household names, and I’ve also advised small businesses and sole traders, so I understand that your needs are very different from those of a large corporation - as are your time, your priorities and, of course, your budget. I’m also an artist, designer/maker and small business owner, so I know some of the challenges that come with running your own business, particularly in the creative sphere.

MY MISSION

I believe in taking the mystery out of data privacy and keeping it simple. I also believe that good, straightforward, expert advice should be easy to come by and should not cost a fortune. My mission is to provide you with simple and clear data privacy services at a fair, affordable price.

PRODUCTS AND PRICING

Just write me a privacy policy, please! (£75)

No problem. I’ll write you a clear, simple privacy policy that complies with data protection laws and reflects your brand or style.


Why do I need this?

If your business uses any personal information about customers (or staff, if you have them), legally you need to tell them what and where, plus a few other pieces of mandatory information. Don’t worry - you don’t need pages of small print. The very opposite, in fact. Data Privacy law requires you to make your privacy policy clear, simple, concise, honest and understandable.


What’s good about it?

Well, apart from being a legal requirement, the privacy policy is also a chance to show customers that you take data privacy seriously, and to gain their trust.


What do I get for my money?

  • A privacy policy for use on your website, plus (if applicable) a version for offline use
  • Written guidance on how and where to use and communicate your new policy, including guidance on obtaining consents from your customers, if applicable
  • If applicable, a short ‘cookie notice’ for use on your website
  • If applicable, wording to use in obtaining customer consents

What’s included in the price?

  • An initial chat by phone or online where we’ll talk through your needs, I’ll gather the necessary information and we’ll agree timescales
  • Any phone or e-mail conversations we may need to clarify points on either side
  • Up to two rounds of review and revision to the final document (further rounds of revisions are £5 each)
  • A final follow-up chat by phone or online to make sure you’re happy.

A privacy policy and a set of Terms and Conditions (£175)

Double trouble, eh? No problem. I’ll write you a straightforward and understandable set of Terms and Conditions for your business and a clear, simple privacy policy that complies with data protection laws and reflects your brand or style.


Why do I need this?

Your terms and conditions are where you set out what you will provide to your customers, expectations and responsibilities on both sides and the limit of your legal liabilities. In the event of any disagreement, they are there to save your bacon (or, indeed, your Tofu-con if that’s your thing). They’re like the airbag in your car: you won’t truly appreciate them until you really need them, but then you’ll see that they’re priceless.

If your business uses any personal information about your customers, the law requires you to tell them what information you’re holding and why, along with a few other pieces of mandatory information. This must be a separate document, not part of your terms and conditions.


What’s good about it?

Think of your T&Cs and Privacy Policy as the twin pillars that hold up your business. Done well, they’ll give your customers clarity and you peace of mind. Win: win!


What do I get for my money?

  • A privacy policy for use on your website, plus (if applicable) a version for offline use
  • A set of T&Cs
  • Written guidance on how to use and communicate your new policy and T&Cs, including guidance on obtaining consents from your customers (if applicable)
  • If applicable, a short ‘cookie notice’ for use on your website
  • If applicable, wording to use in obtaining consents

What’s included in the price?

  • An initial discussion by phone or online where we’ll talk through your needs, I’ll gather the necessary information and we’ll agree timescales
  • Any phone or e-mail conversations we may need to clarify points on either side
  • Two rounds of review and revision to the final documentation (further rounds of revisions are charged at £5 each)
  • A final follow-up chat by phone or online to make sure you’re happy.

Help with Marketing (£50)

Just tell me how you’d like to reach your customers or prospective customers and I’ll help you find a legal, fair and effective way to do it.


Why do I need this?

Whether it’s woolly jumpers, window cleaning or widgets, it’s vital to promote your products and services in the right way at the right time. There are lots of misunderstandings about data protection and marketing, and the whole thing can feel like a minefield. It really isn’t, and I can guide you through it.


What’s good about it?

You’ll understand what you can and can’t do to promote your business without annoying either your customers or the regulator.


What do I get for my money?

  • A discussion by phone or online, in which we’ll talk about your business, your marketing aims and ways of achieving them, including whether or not you need to obtain consent. If I can’t provide you with guidance during the call (for example, if I need to review your existing marketing material first) we’ll agree a timescale at this point.
  • Written confirmation of the advice and guidance I’ve given during the consultation
  • If applicable, a set of wording you can use to obtain consent to marketing, and guidance on how and where to use it.
  • If applicable, a set of marketing-related wording for you to include in your privacy policy

What else is included in the price?

  • Any phone, online or e-mail conversations we may need to clarify points on either side
  • One round of revisions to any wording I prepare for you (further rounds of revision are £5 each)

What’s not included?

  • Advice on any aspect of marketing other than data protection/privacy (although I may point out any issues I feel you need to address)

Important note: more complex businesses

This package is suitable for most artists, creatives and small businesses. However, if your business operates in a regulated industry; carries out online marketing via third parties; buys, sells or shares marketing data; or has other more complex arrangements, there will be an additional charge. If this applies, I’ll confirm it with you in our initial meeting.

New company set-up package (£275)

Maybe you’re just starting out on your own, building a website to sell your work or setting up as a business. You might even be buying a small business. Whatever you’re doing, it’s a busy time and you’ll have plenty to think about without worrying about data privacy. Yet sorting it out now can save you time, money and hassle further down the line. It needn’t be complicated, and it needn’t cost you an arm and a leg. Starting out in the right way means you’re setting yourself up for success – and who doesn’t want that?


Why do I need this?

There are a few basics that every business needs to have in place to make sure it stays on the right side of the law, so call in the Guru and cross a few things off your ‘To Do’ list!


What’s good about it?

You get all the data privacy basics you need at this stage, plus a set of terms and conditions for your business, all in one lovely little package. And, if that wasn’t enough, you have the confidence of knowing there’s an expert just a phone call away over those first few months of trading!


What do I get for my money?

  • An initial phone discussion where we’ll talk about your business and establish needs and timescales
  • A privacy policy for use on your website (and a version for use offline if you need it)
  • A set of Terms and Conditions for your business
  • If applicable, a cookie notice for use on your website
  • A detailed set of guidance tailored to your business and including, as applicable: storing and deleting information, marketing, how to handle data privacy requests from customers, how to handle a data breach, data sharing and basic data security measures.
  • If applicable, suitable wording for use in obtaining customer consent (e.g., if you’re signing people up to a newsletter or mailing list)
  • Registration with the ICO - a legal requirement for most businesses. The ICO registration fee of approx. £40 is included in the price. If you’re exempt from registering or if you’re already registered, I’ll deduct this from your bill.
  • Over the 3 months immediately following completion of all the above, should you need it, the Guru will answer 3 simple data privacy questions or assist you with 3 simple data privacy issues.

What else is included?

  • All e-mails or phone/online calls needed to clarify points on either side
  • Review of any data privacy-related documents you may already have in place
  • Reasonable amount of research, if this is necessary due to any special requirements of your industry or sector.

What’s not included?

  • Advice on any aspect of your business other than data privacy and Terms and Conditions.

Data sharing – scary contract stuff! (£85)

If your business shares personal data with any other organisation, both you and it are liable for what happens to the data while they’re using it. Data privacy law requires you to have a written contract or data sharing agreement in place which must include certain things. Contracts can look terrifying if you’re not used to dealing with them, but they needn’t be. I can help.


Why do I need this?

As well as being a legal requirement, the data sharing agreement or contract is where you set out exactly what you’re allowing and requiring the other party to do with personal data and vice versa. It’s an important document and you’ll rely on it in the event of any problems, so you need to have the right wording in place and – most importantly – you need to understand what that means in practice for your business.


What’s good about it?

You’ll get the peace of mind that comes from knowing that your contracts comply with the law and you’ll understand the rights and responsibilities you’ve signed yourself up to.


What do I get for my money?

  • If you already have a contract or a template, I’ll review it and either make, or provide you with a list of, the changes needed to bring it into line with data privacy law

  • If you don’t already have a suitable contract or data sharing agreement in place, I’ll write a set of template paragraphs for you to include in, or use alongside, any future contracts.

  • I’ll explain to you (and confirm in writing) what the wording in the data privacy sections of your contract means in practice for your business.


What else is included?

  • Initial discussion by phone or online
  • Any phone/email/online conversations needed to clarify points on either side
  • Two rounds of review and revision to the final documentation (further rounds of revisions are charged at £5 each)
  • A final follow-up chat by phone or online to make sure you’re happy.

What’s not included?

  • Review of, or advice on, any sections of the contract that don’t relate to data privacy, confidentiality, and security (although I may, at my discretion, and without additional charge, offer general comments or suggestions on other aspects of it as I go through the document).
  • Advice on any commercial aspects of the contract, its overall legality or its overall suitability for your business.

Important note:

Depending on the nature and value of the contract, you may still need to seek advice from a legal advisor to ensure you are compliant with contract law and any other requirements that apply to your industry or activity.

Emergency Support Package (£500)

Sometimes, despite the best of intentions, things go wrong. That’s life. Perhaps you’ve lost some customer information; maybe you’ve sent some sensitive details to the wrong person, or been hacked, or left your laptop on the train. What do you do? You act fast and call in The Privacy Guru.


Why do I need this?

The most important thing about a crisis is that you face up to it and handle it quickly, calmly and effectively. In some situations, you are legally required to notify your customers of a data breach and, if it’s really serious, you may need to inform the Information Commissioner’s Office, but it’s not always easy to know what to do when you’re in the thick of it. That’s where I come in. I’ll help you through it calmly, discreetly and with no drama. And don’t worry: whatever it is, I’ve seen and heard it all before!


What do I get for my money?

  • An initial discussion in which we’ll discuss immediate steps you need to take to try and stem the damage

  • A clear plan of what to do next - including whether and how to notify people of what’s happened - as well as longer-term remedial and preventative actions

  • If necessary, I will manage contact with the Information Commissioner’s Office on your behalf.

  • Suitable wording, where applicable, for notifying customers or staff of the issue

  • If applicable, preparation of response letters for the Information Commissioner’s Office until the matter is resolved


What else is included?

  • Phone, email and online support with managing the situation through to resolution
  • Two follow-up calls (time/dates agreed between us) once the problem is resolved to see how things are going post-recovery

What’s not included?

  • Any further advice or support once the crisis has been resolved (other than in the two scheduled follow-up calls)
  • Advice or support on any issues not directly related to the crisis in hand
  • Support with any legal action or ICO enforcement action that may result from the crisis (This is available at extra cost)

Data Privacy Health Check (£100)

Your business has been going a while and maybe you haven’t given much thought to data privacy, or perhaps you have but would like some reassurance that you’re doing it right. Maybe all the talk of ‘GDPR’ has been niggling away at the back of your mind. Well, you’ve come to the right place. I’ll take a detailed look at your business, tell you how you’re doing and whether there’s anything you need to do differently, and help you get to where you need to be.


Why do I need this?

If you’re handling any kind of information about individual people – customers, employees or anyone else – you have legal responsibilities over that data. Ignoring these and hoping nothing ever goes wrong can prove a costly strategy - prevention is always better than cure!


What do I get for my money?

  • Initial discussion where we’ll talk about your business and its needs and agree work and timescales

  • Review of any existing data privacy wordings, policies and processes you already have in place, if applicable

  • Review of your Terms and Conditions

  • If applicable and necessary, I’ll visit your premises to look at, for example, your physical security arrangements

  • A de-brief meeting where we’ll talk through what I’ve found and a written summary with recommendations in order of risk and priority

  • If applicable, a clear written plan for tackling the risks and recommendations I’ve identified

  • Simple amendments to any existing data privacy policy or wordings (if a complete re-write or more substantial changes are needed, they will be subject to an extra charge if you decide to go ahead with them.)

  • Simple amendments to your Terms and Conditions (If a complete re-write or more substantial changes are needed, they will be subject to an extra charge, should you wish to go ahead with them.)

  • Scheduled follow-up discussion after 3 months to see how things are going


What else is included?

  • All calls/emails we may need to clarify points on either side
  • A reasonable amount of research if needed

What’s not included?

  • New documents created for you completely from scratch (for example if I write a completely new privacy policy for you rather than updating one you already have)
  • If applicable, the Information Commissioner’s Office registration fee (Approx. £40)

Help for employers (£130)

Taking on an employee, eh? Well, look at you with your expanding business. Congratulations! Employing people does bring its own challenges. Data privacy need not be one of them, so let me help you through it and take at least one weight off your mind.


Why do I need this?

Data privacy applies to personal information about employees just as it does to customer data. As an employer you have legal responsibilities over employees’ data and their privacy at work, and they have legal rights. There are a few small but important legal differences between employee and customer information, which are potential pitfalls for the unwary, but expert help at this stage can help you avoid them!


What’s good about it?

As well as the obvious peace of mind that comes with knowing you’re on the right side of the law, your employee(s) will know they can trust you with their personal information - and you want happy staff, don’t you? Of course you do!


What do I get for my money?

  • Initial discussion, where we’ll talk about your business and its needs, I’ll gather the information I need, and we’ll agree timescales.

  • Clear written advice on what to do, ordered by risk and priority level

  • Preparation of any necessary wordings or documents, as applicable, such as a privacy policy for your employees and suitable wording to go in your employment contracts.

  • A wrap-up discussion to ensure you understand the advice provided and answer any final questions.


What else is included?

  • Any phone calls or e-mails we may need to clarify points on either side
  • Review of any existing documentation you may be using

What’s not included?

  • Advice on any aspect of your business other than data privacy as it relates to employment and employees.

I have a silly question… (£25)

No, you don’t - because while there are many questions in data privacy, none of them are silly. It might be ‘how long can I keep this type of information?’, ‘can I share this bit of information with my customer’s partner?’ or ‘Is this data secure enough?’ It could be about buying data, storing data, selling data, deleting data, talking to customers, sending data abroad, using another company to manage your mailing list, how to identify a customer over the phone. It could be absolutely anything. But don’t worry about it – just talk to the Privacy Guru and I’ll answer it for you.


Why do I need this?

Well, you could use Google - but how do you know you’re getting accurate information? (And you know you’ll get side-tracked looking at cat videos). If you have a question about data privacy, it’s always best to get the answer from an actual expert, which is me. And, what’s more, I’ll explain it to you in words a normal person will understand!


What’s good about it?

You get a clear answer to your question from someone who’s been doing this data privacy stuff for 20 years. There’s nothing I haven’t heard before and I’m dead friendly, honest!


What do I get for my money?

  • A phone or online call (or e-mail if you prefer) to discuss the topic that’s bothering you

  • Written confirmation of the advice I give, so you don’t need to scribble down notes.


What else is included?

  • If applicable, review of any relevant documents/paperwork
  • A reasonable amount of research, if needed
  • Reasonable follow-up questions by e-mail or phone

What’s not included?

  • Advice or guidance on anything not directly related to the query in hand.

Annual Subscription Package (£600 annually (paid in advance) OR £60 by monthly standing order)

If you’d like to have advice and expertise on call, with the reassurance that brings, you can choose to take out an annual subscription and the Privacy Guru will hold your hand. Not literally, of course, because that would be weird. And we’ve only just met.


Why do I need this?

This package is designed to give you the confidence of knowing that an expert has looked at your business and set you on the right path, with the added peace of mind that comes from having friendly, expert help and support just a phone call or mouse-click away.


What’s good about it?

Your very own Data Privacy Officer – an industry expert, no less - on call for a whole year but without having to make her coffee, listen to her droning on all day about her cats or put up with her annoying habit of throwing things at the bin and missing. I’d say that’s a win!


What do I get for my money?

The annual package is designed to be bespoke, so we tailor it to your needs, but as a guide, you’ll get:

  • An initial meeting/discussion at which we’ll talk in detail about your business and its needs and work out a plan for the year
  • A clear, written version of that plan so you’ll always know what we’ve agreed to do, when and why.
  • If applicable, a clear written summary of risks, issues and recommendations, ordered by risk and priority.
  • A review of your existing T&Cs, privacy policy and any other data privacy related documents you may already have
  • Registration with the Information Commissioner’s Office (a legal requirement for most businesses). If you’re already registered, or are exempt from registration, the £40 ICO registration fee will be deducted from your first month’s payment.
  • If applicable, a visit to your business premises to look at physical security measures and data storage arrangements
  • Preparation of the following if you don’t already have them (and as needed): privacy policy, terms and conditions, cookie notice, data retention and destruction plan, contract wording, process for handling data requests from customers and any other necessary documents OR, if you do already have them in place, I’ll review and update them.
  • Access to our online data privacy training module, developed with our friends over at Sun Spiral training
  • Quarterly meetings (usually online) throughout the year, to check how things are going
  • Reasonable amount of e-mail and phone/Zoom support throughout the year
  • Emergency support, should the worst happen and a data privacy breach or a customer complaint occur
  • Throughout the year, I’ll proactively keep you informed of any changes in the law or regulation that affect you, recommend actions you need to take and update your bespoke plan as appropriate
  • I’ll handle any interactions with the Information Commissioner’s Office for you

What else is included?

  • If applicable, a reasonable amount of research into relevant data privacy matters
  • Other items at my discretion
  • Goodness me, what more could you possibly want?!

What’s not included?

  • Review or preparation of any documentation other than those relating to data privacy and your terms and conditions
  • Advice or guidance on anything not data privacy related

An Audience with the Privacy Guru (£250 half day - £400 full day)

I’m sorry to disappoint, but this is not as exciting as an audience with the Dalai Lama, although it will bring you some peace of mind. The ‘in person’ option is ideal for a group of artists/creatives or small businesses sharing studios/offices or based near each other. Even better, now that we all know that Zoom is a truly wondrous thing, you and your friends/colleagues can even be at opposite ends of the country, and we can still do this effectively!


Why do I need this?

You get to club together with friends or fellow businesses and have a group session with the privacy guru and split the cost between you.


What’s good about it?

What isn’t good about it? You get a whole day or a half day with the Privacy Guru, and split the cost with your friends.


What do I get for my money?

The format and subject matter are tailored to your needs, but the most popular options are:

  • A question-and-answer session
  • An informal training session, where I talk you all through a particular aspect of data privacy, such as marketing or data sharing
  • A more formal training session on data privacy where I deliver a tailored session to the group
  • A ‘drop in’ clinic where I spend a day or half day at your premises and you drop in with your individual queries or, if you prefer, book timeslots with me.
  • Or the online equivalent of a ‘drop in’ clinic where we book time slots throughout the day, so you all have some time with me over Zoom (or Teams or Skype, as you prefer)

What else is included?

  • Initial discussion to find out what you need and arrange times/dates etc
  • Preparation of a tailored session, if applicable
  • A reasonable amount of research, if applicable
  • Written summary of advice and recommendations given
  • Each participant gets a 10% discount on the Privacy Guru’s other services, valid for one year.

What’s not included?

  • Venue hire, if applicable
  • Detailed review or preparation of individual businesses’ documentation (unless by prior agreement)

NEW for 2021 – The Privacy Guru does terms and conditions too!

It isn’t data privacy, but one thing that goes hand in hand with it is a good, clear set of terms and conditions for your business website. Your ‘T&Cs’ are where you set out what you’re offering, your rights and responsibilities, what you’ll do and what you expect from your customers. They’re also what you’ll rely on in the event of a dispute, so it’s important to get them right - but they won’t bail you out in your hour of need if they’re not clear and understandable.

Copying a chunk of templated legal text from the internet or from another business may seem like a great money-saving idea but it’s a false economy if you can’t rely on it when you need it. However simple your business, a good set of T&Cs will be worth its weight in gold in the unfortunate event that you ever need to rely on it. It shouldn’t go on for miles or be written in legalese. Neither should it cost a fortune. Trust me, it’s worth doing properly - and I’m here to help.

What to do now?

What are you waiting for? Drop me a line! I’m looking forward to meeting you.

NEW – Data Privacy online training!

We’ve teamed up with our friends at Sun Spiral, an independent e-learning company providing self-led online training and one to one coaching for professional development, to offer you online training in Data Protection for only £25.

It’s written for ordinary people, whether or not they have any data protection knowledge, and it explains data privacy in a simple and understandable way. You can find out more, and sign up here: Sun Spiral


Site content © The Privacy Guru. Site design by Applebox Designs.