|2031 forum posts|
As membership sec for my club, I've been going through the new GDPR responsibilities **LINK**
Doesn't appear too onerous thanks to the stuff on BMFA, but nevertheless, time needs to be spent on it to do it correctly. The new BMFA membership portal that's coming soon, appears to have all the necessary 'bells and whistles' for club data to be stored in a compliant manner, so again, just a bit of time and effort needed to convert your systems Thanks BMFA admin.
Does seem that the authorities could have made small clubs like most of ours that really only collect names, addresses, email, phone numbers and DoBs exempt IMHO. Perhaps a precursor to clubs being required to hold other data on its members, so we can be officially investigated in order be seen to be open, diverse, non-discriminating pro-whatever they can think of next.
Certainly not doing very well on the numbers of youngsters around.............
|stu knowles||19/04/2018 15:22:46|
|492 forum posts|
I look after my local group. I record the names of those who have paid into a book (PAPER not NET). I don't record any other information.
We have a FB page for general chit chat an keeping people informed. Some people join FB but some don't.
ON that basis, I'm not sure that these new regs will impact on our group beyond a statement that that is all that we keep
|378 forum posts|
having just done initial training on GDPR (I work in schools) even written info needs to be kept secure, if from the info a person or persons can identify an individual.
|Nigel R||19/04/2018 16:28:26|
1413 forum posts
"even written info needs to be kept secure"
Does one of those locked filing boxes count as secure?
|stu knowles||19/04/2018 21:03:10|
|492 forum posts|
even written info needs to be kept secure,
Accepted, I suppose that my real point was do we need to keep so much info on our members, names, DoB, address and phone numbers. Is anything more than 'Name - Paid' needed for club records?
|Geoff Sleath||19/04/2018 21:33:21|
2720 forum posts
Sometimes more info is useful.
Last year I volunteered to take a member's model home to carry out a minor repair. I knew his name and that's all so I emailed the secretary for the guy's email address so I could tell him I'd done it and would leave it in the club hut. The sec got in touch with him so he could contact me. He didn't reveal any personal data without permission.
It gets complicated!
|John Privett||19/04/2018 22:40:07|
5710 forum posts
Maybe for a small club where you know everybody and everybody pays in person at the field or a club meeting then that is fine.
It wouldn't work for me as I post out renewal letters, receive new applications and renewals by post (also direct payments to the club account with membership number as the reference so I know who has just paid) and have to send out membership cards by post. So I need rather more info than just a name.
We also have two current members with the same name! At least I assume they're really 2 people - they have different addresses, phone numbers, BMFA numbers etc. and both have paid their subs.
|378 forum posts|
I would think so from what we were told, kept locked up somewhere you have access to for your use is ok, we have more training to come so I will ask.
1806 forum posts
GDPR is currently making up ~90% of my work life at present; despite the fact we have had a preparation programme going for more than 3 years inevitably there are last minute tasks to do, especially around updating related procedures to ensure compliance and educating staff on their responsibilities. Lots of "fun"...
The guidance from the BMFA is sound, but as with many organisations rather late in the day - the GDPR requirements have been known for 4 years, so clubs could have been given guidance on how to comply much earlier to allow them to be better prepared rather than doing it all in the last month. Putting that aside, following their guidance should put you in good position, but (perhaps understandably given the complexity here) I don't think all aspects of the regs have been covered.
To help here are some principles to keep in mind when reviewing your PI handling processes - if your club/organisation/company can give good answers against all of these you are probably in good shape...
Edited By MattyB on 20/04/2018 11:16:47
1806 forum posts
Not really. The regs are primarily being put in place to protect data subjects from the misuse of their information, including identity theft. There's lots of examples out there - Equifax, Cambridge Analytica (with Facebook) and TalkTalk are just a few recent ones.
Ultimately if your identity is stolen as a result of poor data protection practices at a model club would you be less bothered by it than if your bank or Facebook were the perpetrators? Of course not, hence why any org who handles PI has to be in scope. I wouldn't get too worried though, as the types of data model clubs process is not generally the most sensitive PI (credit card info, gender, sexual orientation etc) and it is highly unlikely regulators will have the capacity or will to go after clubs and societies who have very small financial resources to pay fines (4% of global turnover isn't much for a model club!)
|Martin Harris||20/04/2018 15:21:49|
7696 forum posts
Any informed views on this guidance from the BMFA?
If using electronic communications to members gather consent from all existing members and new members when they join. This requires a positive action from the individual.
Does this imply that after the 20th of May, clubs need to cease email communication with any member who hasn't positively elected to receive emails?
Matty, while the financial penalties may be small, would there be any criminal liability involved?
Edited By Martin Harris on 20/04/2018 15:26:46
1504 forum posts
Edited By Mowerman on 20/04/2018 16:22:19
|John Privett||20/04/2018 21:00:56|
5710 forum posts
But it's not 4% of turnover. Read what is on the link you posted;
I suspect even the lower amount of €10million is going to stretch even the biggest clubs...
|Andy Symons - BMFA||21/04/2018 09:04:49|
|354 forum posts|
No. I have added some clarification to the documentation. They will be under constant review as there are still many grey areas.
The latest legal advice we have received is that you don't need consent for email communications that can be considered as "club management" communications. AGM notices, club meeting notices, field closed notices etc etc but consent should be obtained for communications that are more towards marketing, for example emailing lists of members for sale items, where a positive opt in will be required.
|Biggles' Elder Brother - Moderator||21/04/2018 10:09:50|
15429 forum posts
I'm doing this for our club, and two other organisations I'm involved in. No surprise there then!
In answer to a point raised earlier - ie do we need to record more than name/paid, I'm afraid, for some clubs, yes is the answer! We lease our strip from the council - its in a country park. A condition of our lease is that anyone flying solo must have an A-cert. This means that, in order to enforce and police that, all committee members have to know who has an A-cert and who doesn't.
This can be done under the regs on the basis of claiming that we "need to store the information to comply with legal duty" - one of the stronger cases. Incidentally advice from lawyers is that "storing information by consent" is one of the weaker cases. Consent is hard work to get from everyone and anyone could opt out at anytime - which could really mess you up! But its certainly what we will try at first at least.
As I understand it we are not required to fully comply by 25th May - but we are expected to have "made a start"! So our plan is that at our next committee we will approve the club's Data Protection Policy. This will basically just list the data we keep, why we keep it and and what grounds. Finally it just says our policy on issues such as access, security, availability etc., etc. is that we will use the BMFA system, once it is in place. A neat side-step I think!
Please login to post a reply.
Want the latest issue of RCM&E? Use our magazine locator link to find your nearest stockist!