GDPR

Don’t read this, it’s private!

Having, hopefully, caught your attention, I just want to give the membership an update on where the society stands on the new data protection laws about to come into force.

The NGS will of course be complying with the new law, known as the General Data Protection Regulation (GDPR for short). In brief, there is no change in the data the society will hold on the members, or the ways in which it is used. There is no requirement for the members to take any action and the society is not required to seek any additional permissions from the members.

There is however a fair bit of work for the society management in that several documents are required to be produced and made available to those whose data is held, i.e. the members. These documents are required to demonstrate that the society is complying with the GDPR. The society is compelled to state what type of data is held, why it is held, how it is used and what the members’ rights are in respect of data held. Some of the documents will be dry, technical descriptions but I will follow up with briefing notes that describe what they are about in a more easily read version.

The society will have to register with the Information Commissioner’s Office (which we didn’t have to previously) but as both a “small organisation” (as defined by the GDPR) and a not-for-profit organisation, the society is exempt from some of the requirements and from paying the fee. The society has to show that it has a “lawful basis for processing” the members’ data and has undertaken a “legitimate interest assessment” to test that the society’s use of members’ data is in the members’ interest. (Sorry for the quote marks here but these are the legal terms used in the GDPR.)

In the meantime, members can be reassured that the only personal information held on individual members is name, address and (where they have been provided) phone number and email address. In effect, if a member doesn’t provide the society with, or allow it to hold, their name and address, then the society cannot supply the products and services the member joined the society for, and so the member opts out of being a member.

Although not covered by the definition of ‘personal data’, records of purchases made by members are retained, whether these are membership purchases or product purchases. The society does not however retain information about payment transactions such as credit card details.

The society does not give or sell the members’ data to third parties for marketing use. However, some data is sent to third parties for the purpose of providing society services – e.g. names and addresses go to the printers to make sure that the Journals get posted out.

If you have any questions or concerns about the new law, or about the way in which the society handles members’ data then please contact me.

Adrian Cotterill, NGS Shop Manager.