As I understand it some of the underlying points relate to the security of personal data that can identify an individual, such as names, address, phone numbers, emails etc. All business will have normal requirements to store certain customer details and these business will have operatives termed "Controllers" and "Processors" of the customer data. GDPR places legal obligations upon the Controllers and Processors to ensure appropriate consent to use the data and suitable procedures to protect your method of storage from any unauthorised data breach.
With regard to both Electrical certificates and Part P notification, the key identification is the building where you have done the work. The actual client name in many cases has little relevance to the accuracy of the certificate or notification. It is probably only with a domestic EIC that the clients name and home address is potentially identifiable, but there is no need for full name or phone number or email on an EIC, on either hard copy or electronic storage.
However every self employed electrician has an obligation to keep records of every job location and customer contact details for both HMRC validation and so that in the event of a product safety recall, such as the self combusting MCB fiasco, you can identify if or where you may have installed a batch of faulty components.
This link has a PDF you can download:
https://www.gov.uk/government/publications/guide-to-the-general-data-protection-regulation
The bottom line as I see it is that you have got to ensure you don't do unauthorised spam marketing, you don't sell data you have acquired to third parties for marketing purposes. You have data "Controllers" to oversee the usage and storage of any customers data that you need to store as part of your normal daily business. And you only store data for as long as it is absolutely necessary for the reasonable business activities.
Doc H.
