By continuing to use this site, you agree to our use of cookies. Find out more
Forum sponsored by:
Forum sponsored by CML

Data protection regs

All Topics | Latest Posts

Search for:  in Thread Title in  
Cuban819/04/2018 12:35:36
2031 forum posts
3 photos

As membership sec for my club, I've been going through the new GDPR responsibilities **LINK**

Doesn't appear too onerous thanks to the stuff on BMFA, but nevertheless, time needs to be spent on it to do it correctly. The new BMFA membership portal that's coming soon, appears to have all the necessary 'bells and whistles' for club data to be stored in a compliant manner, so again, just a bit of time and effort needed to convert your systems Thanks BMFA admin.

Does seem that the authorities could have made small clubs like most of ours that really only collect names, addresses, email, phone numbers and DoBs exempt IMHO. Perhaps a precursor to clubs being required to hold other data on its members, so we can be officially investigated in order be seen to be open, diverse, non-discriminating pro-whatever they can think of next.

Certainly not doing very well on the numbers of youngsters around.............

stu knowles19/04/2018 15:22:46
492 forum posts
41 photos

I look after my local group. I record the names of those who have paid into a book (PAPER not NET). I don't record any other information.

We have a FB page for general chit chat an keeping people informed. Some people join FB but some don't.

ON that basis, I'm not sure that these new regs will impact on our group beyond a statement that that is all that we keep

ceejay19/04/2018 15:57:03
378 forum posts
322 photos

having just done initial training on GDPR (I work in schools) even written info needs to be kept secure, if from the info a person or persons can identify an individual.

cj

Nigel R19/04/2018 16:28:26
avatar
1413 forum posts
309 photos

"even written info needs to be kept secure"

Does one of those locked filing boxes count as secure?

stu knowles19/04/2018 21:03:10
492 forum posts
41 photos

even written info needs to be kept secure,

​Accepted, I suppose that my real point was do we need to keep so much info on our members, names, DoB, address and phone numbers. Is anything more than 'Name - Paid' needed for club records?

Geoff Sleath19/04/2018 21:33:21
avatar
2720 forum posts
199 photos

Sometimes more info is useful.

Last year I volunteered to take a member's model home to carry out a minor repair. I knew his name and that's all so I emailed the secretary for the guy's email address so I could tell him I'd done it and would leave it in the club hut. The sec got in touch with him so he could contact me. He didn't reveal any personal data without permission.

It gets complicated!

Geoff

John Privett19/04/2018 22:40:07
avatar
5710 forum posts
222 photos
Posted by stu knowles on 19/04/2018 21:03:10:

Is anything more than 'Name - Paid' needed for club records?

Maybe for a small club where you know everybody and everybody pays in person at the field or a club meeting then that is fine.

It wouldn't work for me as I post out renewal letters, receive new applications and renewals by post (also direct payments to the club account with membership number as the reference so I know who has just paid) and have to send out membership cards by post. So I need rather more info than just a name.

We also have two current members with the same name! At least I assume they're really 2 people - they have different addresses, phone numbers, BMFA numbers etc. and both have paid their subs. teeth 2

ceejay20/04/2018 08:35:33
378 forum posts
322 photos

I would think so from what we were told, kept locked up somewhere you have access to for your use is ok, we have more training to come so I will ask.

cj

MattyB20/04/2018 11:15:33
avatar
1806 forum posts
27 photos

GDPR is currently making up ~90% of my work life at present; despite the fact we have had a preparation programme going for more than 3 years inevitably there are last minute tasks to do, especially around updating related procedures to ensure compliance and educating staff on their responsibilities. Lots of "fun"... wink

The guidance from the BMFA is sound, but as with many organisations rather late in the day - the GDPR requirements have been known for 4 years, so clubs could have been given guidance on how to comply much earlier to allow them to be better prepared rather than doing it all in the last month. Putting that aside, following their guidance should put you in good position, but (perhaps understandably given the complexity here) I don't think all aspects of the regs have been covered.

To help here are some principles to keep in mind when reviewing your PI handling processes - if your club/organisation/company can give good answers against all of these you are probably in good shape...

  • Everything you do with Personal Information (PI) should be fair, lawful and transparent.
  • Processing of PI must be restricted to the original purpose for which PI was collected.
  • ​The amount of PI collected should be limited to the minimum necessary for the purpose for which it is being processed.
  • PI obtained and processed should be accurate and, where necessary, kept up-to-date.
  • Ensure that PI is not retained longer than necessary (delete when no longer necessary).
  • ​PI must always be kept secure.
  • PI must always be processed in accordance with the rights of data subjects (individuals in the EU have specific rights under data privacy laws which they can exercise against an organisation e.g. the right to review and have access to their information that is held by the club)
  • Ensure that the PI you process is not transferred across borders improperly (not a problem for most model clubs, but be careful when using cloud services).
  • ​PI should be processed in a way that demonstrates compliance with good data privacy practices.

Edited By MattyB on 20/04/2018 11:16:47

MattyB20/04/2018 11:27:42
avatar
1806 forum posts
27 photos
Posted by Cuban8 on 19/04/2018 12:35:36:

...Does seem that the authorities could have made small clubs like most of ours that really only collect names, addresses, email, phone numbers and DoBs exempt IMHO. Perhaps a precursor to clubs being required to hold other data on its members, so we can be officially investigated in order be seen to be open, diverse, non-discriminating pro-whatever they can think of next.

Not really. The regs are primarily being put in place to protect data subjects from the misuse of their information, including identity theft. There's lots of examples out there - Equifax, Cambridge Analytica (with Facebook) and TalkTalk are just a few recent ones.

Ultimately if your identity is stolen as a result of poor data protection practices at a model club would you be less bothered by it than if your bank or Facebook were the perpetrators? Of course not, hence why any org who handles PI has to be in scope. I wouldn't get too worried though, as the types of data model clubs process is not generally the most sensitive PI (credit card info, gender, sexual orientation etc) and it is highly unlikely regulators will have the capacity or will to go after clubs and societies who have very small financial resources to pay fines (4% of global turnover isn't much for a model club!)

Martin Harris20/04/2018 15:21:49
avatar
7696 forum posts
191 photos

Any informed views on this guidance from the BMFA?

If using electronic communications to members gather consent from all existing members and new members when they join. This requires a positive action from the individual.

Does this imply that after the 20th of May, clubs need to cease email communication with any member who hasn't positively elected to receive emails?

 

 

Posted by MattyB on 20/04/2018 11:27:42:
...it is highly unlikely regulators will have the capacity or will to go after clubs and societies who have very small financial resources to pay fines (4% of global turnover isn't much for a model club!)

Matty, while the financial penalties may be small, would there be any criminal liability involved?

Edited By Martin Harris on 20/04/2018 15:26:46

Mowerman20/04/2018 16:19:11
avatar
1504 forum posts
103 photos

Should club secs be worried about this when the DVLA regularly gives out information ad-hoc and many companies sell lists of names, addresses and e-mail addresses I think a sense of proportion is called for .Added to that most ISPs use cookies to collect information, and how secure is that?

Edited By Mowerman on 20/04/2018 16:22:19

John Privett20/04/2018 21:00:56
avatar
5710 forum posts
222 photos
Posted by MattyB on 20/04/2018 11:27:42:
... and it is highly unlikely regulators will have the capacity or will to go after clubs and societies who have very small financial resources to pay fines (4% of global turnover isn't much for a model club!)

But it's not 4% of turnover. Read what is on the link you posted;

There are two tiers of administrative fines that can be levied:

  • 1) Up to €10 million, or 2% annual global turnover – whichever is higher.
  • 2) Up to €20 million, or 4% annual global turnover – whichever is higher.

I suspect even the lower amount of €10million is going to stretch even the biggest clubs... smile o

Andy Symons - BMFA21/04/2018 09:04:49
354 forum posts
1 photos
Posted by Martin Harris on 20/04/2018 15:21:49:

Any informed views on this guidance from the BMFA?

If using electronic communications to members gather consent from all existing members and new members when they join. This requires a positive action from the individual.

Does this imply that after the 20th of May, clubs need to cease email communication with any member who hasn't positively elected to receive emails?

No. I have added some clarification to the documentation. They will be under constant review as there are still many grey areas.

The latest legal advice we have received is that you don't need consent for email communications that can be considered as "club management" communications. AGM notices, club meeting notices, field closed notices etc etc but consent should be obtained for communications that are more towards marketing, for example emailing lists of members for sale items, where a positive opt in will be required.

Biggles' Elder Brother - Moderator21/04/2018 10:09:50
avatar
Moderator
15429 forum posts
1409 photos

I'm doing this for our club, and two other organisations I'm involved in. No surprise there then!

In answer to a point raised earlier - ie do we need to record more than name/paid, I'm afraid, for some clubs, yes is the answer! We lease our strip from the council - its in a country park. A condition of our lease is that anyone flying solo must have an A-cert. This means that, in order to enforce and police that, all committee members have to know who has an A-cert and who doesn't.

This can be done under the regs on the basis of claiming that we "need to store the information to comply with legal duty" - one of the stronger cases. Incidentally advice from lawyers is that "storing information by consent" is one of the weaker cases. Consent is hard work to get from everyone and anyone could opt out at anytime - which could really mess you up! But its certainly what we will try at first at least.

As I understand it we are not required to fully comply by 25th May - but we are expected to have "made a start"! So our plan is that at our next committee we will approve the club's Data Protection Policy. This will basically just list the data we keep, why we keep it and and what grounds. Finally it just says our policy on issues such as access, security, availability etc., etc. is that we will use the BMFA system, once it is in place. A neat side-step I think!

BEB

All Topics | Latest Posts

Please login to post a reply.

Magazine Locator

Want the latest issue of RCM&E? Use our magazine locator link to find your nearest stockist!

Find RCM&E! 

Latest Forum Posts
Support Our Partners
Gliders Distribution
CML
Expo Tools 14 July
Wings & Wheels 2018
Airtek Hobbies
Slec
electricwingman 2017
Overlander
Motion RC
Advertise With Us
Sarik
Latest "For Sale" Ads
What is the main brand of transmitter you use? (2018)
Q: What is the main brand of transmitter you use?

 FrSky
 Futaba
 Graupner
 HiTec
 Jeti
 JR
 Multiplex
 Spektrum
 Other

Latest Reviews
Digital Back Issues

RCM&E Digital Back Issues

Contact us

Contact us