General Data Protection Regulation (GDPR)

Not the most exciting of topics, perhaps, but this is important on an individual basis and also if you are involved in a local community group that holds information on its members.
 
In a nutshell, this is the biggest shake-up of the rules surrounding Data Protection since 1998 and, let’s face it, the world was a very different place then. Also, the new regulations, which come into force on May 25th, 2018, will impact every group and organisation regardless of size.
 
This new EU regulation will dramatically strengthen your right and ability to control your personal information and privacy. The key benefits are:
1. Increased security for your data.
With cybercrime on the rise, GDPR requires data processors and collectors (companies) to be more vigilant about safeguarding personal data against loss, theft and unauthorised access. Also new is the GDPR’s mandatory data breach notification rule. If a data breach occurs, it must be reported to the supervisory authority within 72 hours. And if the breach is likely to pose a high privacy risk for individuals, they must also be informed. (Previously, some companies waited months – or years – to report that a database had been compromised.)
2. Most organisations will need your consent to process and share your data.
Organisations now need your explicit consent before processing your data. Lengthy terms and conditions forms written in legal jargon that require you to check a box marked “I agree” before you can access the site will be stopped. Now, companies will have to supply consent mechanisms that are plainly worded and clear. This means that you must proactively say yes before you are subscribed to, for instance, an online newsletter.
3. The right to rectify mistakes.
Under the GDPR, you are entitled to have your personal information corrected if it’s inaccurate or incomplete. This could be vital if, for example, a financial institution input the wrong information concerning your credit history. Also, if an organisation shares inaccurate or incomplete information with third parties, it must inform these parties about the rectification (whenever possible). It must also inform you about the organisations with which it shared the data.
4. The right to erasure.
Also known as the “right to be forgotten,” this allows you to request that your personal data is removed when you withdraw your consent. The right can be exercised in a number of situations. Some common ones include: if the data was unlawfully obtained; if you object that there’s no legitimate interest for the continued processing of the data; and if the personal data is no longer necessary to achieve its original purpose.
5. Right of Access
Under the GDPR, individuals will have the right to obtain confirmation that their data is being processed; access to their personal data; and other supplementary information, such as whether the information is being shared. This must be a simple process to a named individual in an organisation.
6. The right to restrict processing
Individuals have the right to request the restriction or suppression of their personal data. This is not an absolute right and only applies in certain circumstances. When processing is restricted, you are permitted to store the personal data, but not use it. An individual can make a request for restriction verbally or in writing.
7. The right to object
Individuals have the right to object to:
processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics. In future, if you are being pestered by marketing calls etc., you will (from May 25th) be able to explain to the organisation concerned that you wish to exercise your rights under GDPR and away you go.
 
Impact on Community Groups  
Every company, charity, community group etc. that holds any sort of personal data has to comply with GDPR. So whether it’s Barclays or BOPAG, every organisation has to be ready. Unfortunately, there is no ‘one size fits all’ approach, as what will be required will vary significantly depending on the sort of organisation, the data collected etc. Online resources tend to cater for businesses and large charities, and the sheer volume of information and regulations is quite frankly overwhelming at first. However, for most community groups that only hold basic data on individuals for the purposes of sending out information, it’s not too onerous.
BOPAG only holds contact information so that we can send out (by email or by post) the newsletter and meeting information. This information is only obtained from the individuals concerned and not purchased from third parties. Furthermore, BOPAG does not share or sell this data on to third parties.
To comply with GDPR, BOPAG is doing the following:
· BOPAG has a Privacy Policy that will be available on the BOPAG website and written copies can be obtained on request. This includes what BOPAG holds, how it is used and how to access the information should anyone wish to.
· In April, BOPAG will send everyone on the mailing list a Privacy Notice explaining their rights under GDPR and asking members to confirm that they wish to remain on the mailing list.
· In May, BOPAG will contact those members who have not responded in April. If no response is received, their details will be removed from the contact database.
 
The BOPAG Privacy Policy and other related information can be found in the About Us section.
           
 
BOPAG has pulled together a ‘guide’ which details the steps taken to comply, along with the policy and notices. This is available to any group who feels that it may help them. Please remember that BOPAG is very much feeling its way through this and has pulled out the parts of the regulations that are relevant to the type of group that we are and the data we hold. For example, there are additional requirements for organisations/groups that hold data on children, which clearly didn’t apply to BOPAG. If you think that this might help your group, please get in touch.
