GDPR (General Data Protection Regulations)

My wife and I trade as Creative Eye working from home. 
The only personal data we hold is that which is on our invoices and private communication email. Keeping personal data on invoices is covered by Article 6(b) of the General Data Protection Regulations (GDPR). Processing of these invoices is only necessary for contractual agreements, payments and postage.

We need to keep our invoices to prepare accounts for HMRC, bringing in a further lawful basis covered by Article 6 (c) we are legally required to keep accounting records for 6 years and so holding that data also meets Article 6(c). 

We ensure this data is accurate, not holding more information than is necessary, as one of the 6 principles of the GDPR which are set out in Article 5. Article 5 (c) states that personal data shall be, adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

All data is securely stored in our locked and alarmed home office. Data stored on two password protected computers and secure Deans accounting portal called Tally. We hand deliver our accountant and collect them in the same way and then archived in our loft, finally incinerated by us after 6 years. 

Any testimonials are kept with the customer’s approval. 
No personal information is passed onto third parties.