General Data Protection Regulations Policy
The new General Data Protection Regulations, which extend the provisions of the existing Data Protection Act, came into force on 25 May 2018. This change affects the way in which the Association holds personal data for its members, and sets out its responsibilities as well as its members’ rights.
Personal Data is any information in digital or physical form that identifies any aspect of members, including name, address, e-mail address, telephone number and financial information, such as bank details relating to subscription payments.
The Association, which is a member organisation, maintains a record of the names and addresses of its members and, where these have been given and where appropriate, e-mail addresses and telephone numbers for the purpose of communicating with them. Where applicable, bank details are also held.
Physical data is held solely by the Membership Secretary, who also acts as Treasurer, in dedicated files. A full membership list is maintained in digital form on a personal computer protected by password. Where members have agreed to be contacted by e-mail, these addresses are held by the Association’s Website manager on a separate database.
The Association undertakes not to make this information available to any third party, nor use it for any purposes other than for contacting members or, where applicable, processing subscription payments.
The Association may, however, publish contact details of its Committee members and its Local Representatives for the purposes of running the organisation, subject to obtaining their prior consent.
Members have the right to enquire what data is held about them and can have such data corrected or deleted.
They also have the right to have their data removed if they cease to be members, although it must be understood that the Association may need to retain information subsequently to meet legal requirements.
They will be informed of any data security breach.
The new legislation requires an organisation to identify those responsible for data control and processing.
The Data Processors will be the Membership Secretary and the Website Manager, answering to the Committee, which will act as Data Controller.
New members will signify consent to receive the Association’s communications on joining. Existing members are deemed to have given their consent by virtue of their membership. They will however be given the option to discontinue receiving communications.