Data Protection

 

Are you prepared for the new EU General Data Protection Regulation, which comes into force on May 25th 2018? All organisations which hold personal and private data from their customers or members, such as mailing addresses, e-mail addresses and telephone numbers, are required to comply with the terms of the regulation.

Although the UK is exiting the EU, the advice of UK regulators, the Charity Commission and the Information Commissioner’s Office, is that all relevant UK bodies should still ensure that they have robust systems in place that meet the standards of the regulation. This is particularly important as the UK is in the process of transposing the EU regulation into UK law. Non-compliance may mean you risk facing fines imposed by regulators. The EU regulation will therefore have an impact on all charities, including literary societies, because we maintain lists of our members with contact details. Of course, you may already be familiar with the 1998 UK Data Protection Act and will already have fulfilled requirements aimed at securing the careful handling and storage of personal data and can demonstrate that you apply good practice.

The new regulation aims to harmonise and strengthen existing laws on how personal data is used and handled. An important element of the new regulation is transparency concerning how you process personal data, whether this is shared with a third party and what assurances you are able to give your customers and members about their legal right to access their own data which you hold. It is a good idea to publish a simple Privacy Policy and make this freely available to your members. You could, for instance, publish this on your public website. A good example of a web-based Privacy Policy can be found on the UK government’s information portal and website at: https://www.gov.uk/help/privacy-policy

Another key requirement of the new regulation is that organisations must contact all their customers or members and seek their permission if they wish to continue to be approached by them in the future. This is probably only going to affect literary societies, who are members of ALSo, if, for instance, they are regularly and actively involved in fund raising with their members. In most cases concerning literary societies, since our members have voluntarily submitted their personal data to enable a society to send them information, such as journals, newsletters, general news and other information, societies would probably not need to do this. But it would be wise to consult with experts further if there is any uncertainty, especially if you plan to engage in a fund raising project with your members. In most cases, if you are not planning regular fund raising with your members, your Privacy Policy should be enough to demonstrate compliance with the regulation.

The following news was issued by the Charity Commission and the Information Commissioner’s Office in December 2016: ‘The Charity Commission, the independent regulator of charities in England and Wales, and the Fundraising Regulator, are issuing an alert to all charities. It reminds trustees that they must, in addition to following charity law requirements, ensure that there are systems in place at their charity to identify and comply with any data protection laws and regulations that apply to its activities.’ For more information see the UK government’s information website at: https://www.gov.uk/government/news/regulators-issue-joint-alert-about-compliance-with-data-protection-law and the Information Commissioner’s Office at: https://ico.org.uk/for-organisations/charity/

Also see relevant guidance issued by the Charity Commission on fund raising at: https://www.gov.uk/government/publications/charities-and-fundraising-cc20

Chris Thomas, Hon. Secretary, The Powys Society

(article dates from Autumn 2017)