This post has been written by Daniel Duke (a resident, and website volunteer)
Definition: the “General Data Protection Regulation”
As many of you may have noticed over the past few weeks, there have been more and more emails landing in your inbox talking about a thing called GDPR. They have asked you to confirm you still want access to the content, whilst appearing to threaten to remove you from the list if you don’t reply by the 25th May.
This is not a threat though, but a legal requirement, brought about by this important (and not pointless) law. It’s main intention is to ensure that if a company has our data, and that they use it for marketing, research, or anything else, that we have specifically said that we definitely want our data used in that way. Complex privacy policies are not good enough anymore, neither are preselecting checkboxes, or just writing an email on a scrap of paper and saying that it counts as consent.
The main points are: a user must give consent, they must have known they were doing so, and you should have a record showing exactly what they filled out (and when).
Now, it is worth noting I do am not an expert in GDPR, and if you are concerned, then it may be worth talking to an professional advisor on this matter. The purpose of this article is to help the small community groups in our village to understand what needs to be done.
There are a lot of sites that can help though, in particular the checklist on this page, which helps you to easily work out if you need to do something based on how you acquired the data:
If you think this is useful, please do share to others in the village via email/facebook/twitter/etc. So that all people with mailing lists for their events/groups/teams knows that they may need to do something.
As with any law, there are of course exemptions, which can be found here
But on a basic note, this page lists all the security/health/legal things you may not be working with.
On a small business basis though the exemption which may be of most interest to you would be ‘contractual’ (https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/contract/) now this doesn’t get around the fact that you should only store data necessary to perform the task (do you really need to know someones gender to quote for some electrical work?), but if you have been asked to give a quote, or are providing a service, then for this purpose (and this purpose only) you have been given suitable consent to use their data.
Of course, if you are considering whether an exemption applies to you, contact a professional to confirm if it does or not.
Posted on May 20, 2018 in Events in and around Dorchester