Wednesday, 21 March 2018

Join the club - no-one can avoid new data rules

Clubs and societies across Shropshire have been warned they must comply with new data protection rules, even if they only have a handful of members.

Graham Davies, of Martin-Kaye Solicitors, in Telford, said the new General Data Protection Regulation (GDPR) was due to come into force on May 25th.

“The new guidelines mean individuals will have greater control over how their personal information is collected and processed, and organisations will need to be more accountable when it comes to data protection.

“Any organisation that collects data must comply with the rules or face the threat of significant fines which could be crippling for a local club or society.”

Mr Davies said organisations that used a mailing list to promote fundraising events or exhibitions, or that kept membership details on file, would need to follow the new criteria.

“If your organisation is a one-person operation or you’re just a small group of committed supporters, there will be some work to be done ahead of the rules coming into force, but you have to take responsibility in order to be compliant.

“Make sure you have a process for collecting and storing data, and nominate someone to be your recognised data processor who will be responsible for making sure the process is followed.

“Draw up a simple document that you give to all members which sets out what data you collect and how it will be stored. Have a consent form that asks people’s permission to store their details – this is the ‘opt in’ policy – and make sure they have a copy and that you have a signed copy.

“Anyone who joins your group has the right to be removed from the list, to see what information you store about them, to have their history deleted, and to change the details you hold.”

Mr Davies said it was also vital that members knew who had access to the list, particularly if an outside body would be able to view the information.

“You should also make sure any data is stored safely – this is the most challenging issue as you’ll need to keep a regular watch on your systems to ensure they are up to date, but in today’s dangerous cyber environment, this is just good practice and common sense anyway.

“Make sure your data processes are clearly set out, so that anyone can repeat the procedure whenever a new member joins. Then once you have the processes and documents in place, it will be simple to regulate the system and ensure you comply with the new data rules.”