GDPR – don’t panic

Forums General Discussion GDPR – don’t panic

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #574028
    Graham Winstanley
    Participant

    At Lincoln Astronomical Society we recently received a lengthy document from the FAS with guidelines to follow regarding the new data protection regulations being implemented from 23 May. This is not as onerous as may appear at first sight and the document has been well thought out and gives good practical advice. However, research on the ICO website finds the following extract:

    “We are a not-for-profit organisation – do I need to register?

    You do not have to register if organisation was established for not-for-profit making purposes and does not make a profit or if your organisation makes a profit for its own purposes, as long as the profit is not used to enrich others. You must:

    • only process information necessary to establish or maintain membership or support; 
    • only process information necessary to provide or administer activities for people who are members of the organisation or have regular contact with it; 
    • only share the information with people and organisations necessary to carry out the organisation’s activities. Important – if individuals give you permission to share their information, this is OK (you can still answer ‘yes’); and
    • only keep the information while the individual is a member or supporter or as long as necessary for member/supporter administration”

    I believe this means that the majority of astronomical societies will not need to register and therefore not fall under the new rules. If anyone knows otherwise I would be grateful if you could let us know. I am awaiting a reply from an email to the ICO.

    #579461
    Callum Potter
    Keymaster

    Hello Graham,

    though probably most local societies will not need to register (and pay a fee to the ICO) it does not mean that you don’t need to follow the regulations.  The regulations apply to all businesses and organisations that process personal data – whether electronic or on paper.

    Registrations are just the way that the ICO is funded, and the exemptions for small clubs and the like are more or less the same as under the old law.

    So I am afraid it is not a silver bullet.

    Regards,
    Callum

    #579463
    Graham Winstanley
    Participant

    Thanks Callum. I will update when the ICO reply to my enquiry.

    #579464
    Gary Poyner
    Participant

    Indeed the guidelines have to be met, even for small groups like the Heart of England AS.  We have uploaded a privacy policy to our web page, and each member will be required to sign a new form of our own design regarding the data we keep on them, and to say that they have read and agree to the privacy policy.

    We use CCTV cameras to cover the car park, and the data is kept on a PC.  Therefore we have to register and pay an annual sum to the ICO.  If you use CCTV and store the data, their is no escaping it.

    Gary

Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.