
Data Protection Policy

Jo Lawson – Lifestyle PA - Data Protection Policy

Effective Date: 1st November 2025
Reviewed: 1st November 2025
Next Review Due: 1st November 2026

1. Purpose

This policy sets out how Jo Lawson Lifestyle PA (“the business”, “we”, “us”) complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 when handling personal data. It applies to all personal data we collect, store, and process in the course of providing lifestyle PA services.

 

2. Scope

This policy applies to:

  • Personal data relating to clients, suppliers, and business contacts.

  • Any staff, subcontractors, or freelancers engaged by the business.

  • All systems, whether digital or paper-based, used to store or process personal data.

 

3. Data Protection Principles

We adhere to the following principles:

  • Data is processed lawfully, fairly, and transparently.

  • Data is collected only for specified, explicit, and legitimate purposes.

  • Data collected is adequate, relevant, and limited to what is necessary.

  • Data is accurate and kept up to date.

  • Data is kept only as long as necessary.

  • Data is processed securely, with appropriate safeguards in place.

 

4. Lawful Bases for Processing

We process personal data on one or more of the following bases:

  • Contract: to deliver agreed PA services.

  • Consent: where the client has agreed to specific processing (e.g., marketing).

  • Legal obligation: to comply with tax and record-keeping duties.

  • Legitimate interest: for the efficient running of the business, provided it does not override the rights of individuals.

 

5. Data Security

We take appropriate measures to keep data secure, including:

  • Using password-protected devices and accounts.

  • Using reputable cloud storage providers with encryption (e.g., Google Workspace, Microsoft 365).

  • Ensuring paper records are stored securely and disposed of by shredding when no longer needed.

  • Restricting access to data only to those who need it.

  • Regularly reviewing security measures.

 

6. Data Retention

  • Client records and communications: retained for up to 6 years after the end of the client relationship (for tax and legal reasons).

  • Financial records: retained for 6 years in line with HMRC requirements.

  • Marketing data: retained until consent is withdrawn.

 

7. Data Breaches

  • A “data breach” is any accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data.

  • All breaches will be logged and investigated.

  • If the breach poses a risk to individuals’ rights or freedoms, the ICO will be notified within 72 hours, and affected individuals will be informed promptly.

 

8. Data Subject Rights

We will respond promptly to requests from individuals to exercise their rights under UK GDPR, including:

  • Access to their data.

  • Correction or deletion of their data.

  • Restriction or objection to processing.

  • Data portability.

Requests should be directed to: jolawsonlifestylepa@gmail.com

 

9. Responsibilities

  • The business owner (Jo Lawson) is responsible for ensuring compliance with this policy.

  • All contractors or freelancers engaged must agree to comply with data protection requirements.

 

10. Review

This policy will be reviewed annually or sooner if required by changes in law or business practices.
