All organisations need to comply with the data protection act when handling or storing information pertaining to an individual.The act sets out seven key principles, which are explained on the Information Commission website. You should publish a privacy statement which explains your involvement regarding the key principles. When compiling your privacy statement, the principles help you form a statement which explains your position with regard to what data you will collect and how you will administer it.
The key is to set out your need to process, what information you need to hold, how you are going to store and protect it, how an individual can find out and if necessary correct the information you hold and how they can assert their right to removal.
Once you have described the how, where and why, you need to add the who – you should have a data protection officer who is they individual responsible for overseeing the process, ensuring compliance with the regulations and is the person who can be contacted by anyone with any queries or requests for removal.
Some organisations may need to register with the Information Commissioner’s Office to comply with the regulations. Most small not for profit associations won’t need to register. You can check if your organisation needs to register by completing the self assessment available on the ICO website.
Now you have established your constraints and published your statement, you need to obtain consent. This is achieved either by adding an agreement to your membership form or by creating a separate consent form. You should retain proof of consent.
Once you have stated how you will handle the data and have obtained consent, you need to stick to your published framework. For example, if you don’t have consent to share the data you hold with other organisations, you should avoid doing so. any changes in how you handle data would need a corresponding change in consent.
Data protection is a relatively simple concept. It just needs to be approached methodically and transparently so all concerned know what you are doing and why you are doing it.
More information is available on the ICO website. Their guide for small organisations may also be of use.