Privacy Policy

This page explains how Rebecca Thomas Writer complies with the new General Data Protection Regulations (GDPR). If you have given me any of your personal details (your Email address, phone number, etc.) then please be reassured by the information this section gives you.

The following are my answers in response to the sections in the document: “Preparing for the General Data Protection Regulation – 12 Steps to Take Now.”

1. Awareness
I am the only person associated with Rebecca Thomas Writer. Therefore, no one else needs to be made aware of the GDPR guidelines.  

2. The
ONLY information I will ever hold:
• Email addresses of people who have emailed me and to whom I have replied – automatically saved in Microsoft Outlook.
• Postal addresses of anyone I have invoiced for payment for my work.
• My website ( and contact form are powered by WordPress. You can view their privacy policy here:
• I do not have a mailing list—however, if I do in the future this document will be updated.
• I do not currently sell anything through my website——however, if I do in the future this document will be updated.

I do not share this information with any third party.

3. Communicating privacy information
I am taking three steps:
1. I have put this document on my website.
2. I will add a link to my email signature.
3. I have added a link to my contact page.

4. Individuals’ rights
Upon request, I will delete data and if someone asks to see what data I possess, I will show them without question.

5. Subject access requests
I will aim to respond to all requests within 24 hours.

6. Lawful basis for processing data
If people have emailed me, they have given me their email address. I do not actively add it to a list but Google Mail will automatically save it. I will not add it to any database unless I am given written permission from all persons involved.

7. Consent
If I start a mailing list or online shop in the future, I will ensure I have full consent to keep personal data on my records.

8. Children
My business (Rebecca Thomas Writer) dos not have any involvement with children. I will not be processing any data in relation to children.

9. Data breaches
My computer is strongly password protected as well as my WordPress website and Google Mail email accounts. If I make any spreadsheets, I will ensure they are also password protected. If any of these external organisations are compromised, I will ensure I take the necessary steps to follow their advice immediately.

10. Data Protection by Design and Data Protection Impact Assessments
I have looked at whether I need to carry out any DPIAs (Data Protection Impact Assessments) following the guidance in the document: “Preparing for the General Data Protection Regulation – 12 Steps to Take Now” .

‘A DPIA is required in situations where data processing is likely to result in high risk to individuals, for example:
• where a new technology is being deployed;
• where a profiling operation is likely to significantly affect individuals; or
• where there is processing on a large scale of the special categories of data.’

I do not hold any data which is of high risk to individuals.
I do not conduct profiling operations.
I do not process any categories of data on a large scale.

11. Data Protection Officers
I am the Data Protection Officer as I am the only person involved in my business.

12. International
My lead data protection supervisory authority is the UK’s ICO.

Support a small business