Data protection updated

[mikes]

My club is looking for a new secretary so, being a bit of a sucker, I am thinking about offering.
I have been looking into the duties and responsibilities of a club secretary and I'm scared stiff!!
I looked on t'intirnet for info on data protection which has new rules to be implemented this spring(2018). Lots of detailed complex 'stuff' but nothing quite appropriate for a bunch of mostly  ageing turners.
 I was hoping to find some guidance from AWGB as other national bodies, mountaineering, athletics, sailing etc. have produced briefings for clubs but nothing yet.
Any ideas folks? Am I panicking unnecessarily? Is it really as daunting as it seems to me?
Heeelp!!!

[bodrighywood]

See if this is any help. Our club has updated its DPP and there is info on it here on the website.

Pete

[The Bowler Hatted Turner]

Mikes first of all well done for considering being your club secretary. Our clubs, groups and organisations would not exist if it were not for the members that volunteer to help run them.
In my time in the woodturning world I have been a club secretary, a club chairman , and an area rep. I am currently the H&S person for the AWGB and the current Chairman of the RPT.I wish more people would get involved but I would say that wouldn't I?
However my point is I have just done the GDPR for the RPT. I researched on line the bits to place on the website and produced a data privacy policy notice, basically you have to state that you recognise your (the club's) responsibilities, what information you store about your members, how it is stored and why and what you are going to do with it.You must also say how someone can obtain the information you hold about them and who to approach to request their information should be removed. It sounds daunting I know but once you get into it you can sort it out. I actually read through 80 odd pages of the act and can only say that if that is what we pay our money for we will be better off out of the EU (but let us not turn this into a political debate)The other thing is it will effect even those that do not store information on computers, so write a person's name and address down and you should really let them have a copy of your data privacy policy. If you visit the link Pete showed or look at the RPT website you will see probably all you need. If you have a club website there should be something on there too. You have until the 25th May to get it all sorted out ( but I don't think you will get arrested if you don't, but then again............) I hope this helps a bit.

[mikes]

Many thanks Gentlemen.
A great deal to mull over and a detailed chat with current club officers needed this weekend.
Oh joy - sooner talk about turning!!

[happy amateur]

I am the webmaster for our woodturning club.
Is it a legal requirement that we as a club should publish this on our website and abide by it

Fred Taylor
orchard-woodturners.org.uk

[The Bowler Hatted Turner]

Fred I am by no means an expert but I would suggest that if your club website collects and processes personal data then you should really conform to the regulations. Your website almost certainly has cookies on it, most websites do, so I would provide a link to whichever company you use, so Google analytics for instance will collect info as will Wordpress, just link to their privacy policy. But I am sure there will be those better qualified than me who can give advice. I actually read all of the legislation (it bored me to death) and I still didn't understand it all but as I am responsible for the RPT site I thought it safer to comply.

[Dave Atkinson]

When I was a trustee of the AWGB I looked into the old DP act and whether we neede to register with information commissioners under the act.

If you go the information commissioners website there is a simple questionnaire for you to complete to see if you need to register.

The AWGB was not required to register.

However we should all try to operate within the spirit of the act and Lee any data we hold safe. 

Most of the legislation applies to companies rather than clubs and I think you will be quite safe being secretary.

I hope you take up the role, without volunteers Clbs and organisations like the AWGB wil cease to 
Exist.

Cheers Dave

[Paul Hunt]

Hi Dave,

That's a common misconception with GDPR and an area that the old Data Protection Act was fairly lax about. GDPR applies to ALL organisations, commercial or voluntary regardless of profit making status.

That said, the punitive costs that you see banded around are aimed at large companies that handle significant amounts of personal data beyond that which we as clubs would generally handle. I very much doubt that we will see a small organisation like a local club ever being fined the amounts being mentioned.

That said, even small organisations (our club has just 70 members) have a responsibility to comply with the act and ensure that data is held securely, processed properly, not passed on without informed and POSITIVE consent (e.g. if you publish a membership directory, you MUST ask members to agree to be in it as an opt-in, not an opt-out option)

Common sense applied will see the majority of clubs complying by default.

Paul.

[Dave Atkinson]

Thanks Paul

These are good comments.  I did do some research yesterday as I have several people asking if I want to remain subscribed to their marketing information.  Some are taking the "no reply = consent" Some are taking "I must opt in" approach.  I think the "must opt in" approach is the better way to go.  There does seem to be a lot of help available if you have time to study the website.  For most clubs that just hold names and addresses I think compliance will be fairly straightforward.

to go back to the original post I don't see this as being a bar to taking a secretary role in a club. 

Cheers Dave

[Paul Hunt]

Absolutely agree, volunteers for committees are generally few and far between!

I know it's off-topic, but on the subject of Opt-in versus Opt-out.. The GDPR regulations are very clear on the subject, Consent requires an Affirmative action, The use of pre-ticked boxes or consent by default (e.g. by not replying) is not permitted and not considered valid consent. Clubs that are taking that approach should re-think.

Paul.