The Data Protection Policy of the Federation of Old Cornwall Societies
General Data Protection Regulations
New regulations become legal on the 25th May 2018. It is the responsibility of everyone concerned to inform their members of these regulations which are relevant to their organisation. Whilst the regulations will have greater impact on organisations and companies that use and store data they also apply to societies that collect and use that information.
1.Every organisation should have a data protection policy.
2.All organisations must obtain the consent of individuals to hold and process their information.
3.Personal data can be a complex category of information which can be used to identify a person. This can be a name, address and IP address.
The GDPS approves the use of pseudonymiation to reduce risks to the data subjects. Pseudonym data is still considered personal data and is therefore subject to GDPS.
4.Members must have the right to access their data. If someone requests their data they must they must receive that data within one month.
5.Consent must be explicit to data collected and the purpose of the use of the data. Members have the right to erasure of their data.
6.The use of inclusion of pre-ticked boxes on data collection forms is banned.
7.A person must be able to transfer their data from one electronic system to another.
8.Speakers must be asked if their information can be displayed in the society’s publicity material.
9.You should inform and obtain permission of all society members if their name and data will be displayed in magazines, journals, posters, on the website or passed on to other societies.
An example that is relevant to FOCS is the data we hold about speakers.
10.The DPO must be informed within three days if a person can be identified from published data when they have not given their permission.
17th January 2018
To all FOCS societies
I have been asked if I would create a template for member registration. However I am sure most societies will have their own form but the one attached shows the personal data that is the subject of the new GDPR regulations.
My previous letter did not mention the use of CCTV as I expect that if there is CCTV in the venue you use then the owner of the building will need to control the use and storage of any recorded data.
I also wish to inform societies that whilst large organisations need to be fully compliant from the 25th May it is recognised that small organisations and societies may not even know of the new requirements and therefore they will not face legal actions following any unintentional disclosures of personal data. I expect that as everyone becomes aware of the new regulations it will become second nature to observe the requirements for using and storing personal data.
If society members submit photographs for inclusion in Kernow Goth or on our website then the permission of the members shown must be obtained.
10th April 2018
A Meeting to Discuss GDPR
Following a meeting with Priscilla Oates, President, Ivor Corkell, Hon Secretary, Terry Knight, Editor and Tony Mansell, Webmaster the Federation wish to inform member societies of the agreed strategy for the new General Data Protection Regulations which come into effect from the 25th May 2018.
Personal identifiable information (Pii) is any data that would identify an individual. Examples which are relevant to OC are a person’s name, address, phone number, email address, photograph, video recording, details of a person’s education ( letters after one’s name) or the fact that a person is a member and/or officer of an association and their attendance at meetings (An attendance book might be used).
Old Cornwall Societies use a very limited amount of personal information mainly to contact and inform its members about meetings and organised visits such as OC Festivals.
However the use of any data must be with the written consent of its members. Societies will need to record their members’ data and obtain a signature or initials of consent that :
1.Their data may be used for the organisational needs of their society;
2.Their data may be used for the organisational needs of the Federation
3.Their data may be used and shown in the Old Cornwall journal and on their society’s and the Federation’s website. (e.g. a group photograph at a festival)
Most societies will already have the names and contact details of their members but in future they need to have the written consent of their members to store and use that information. This is likely to be a one-off exercise with most societies. If a member is under 18 years old then the written consent of a parent must be obtained and safeguarding must be employed. Photographs of children cannot be used without parental consent.
All societies are listed on the Federation website and the Federation would like to display the contact details of at least two members from each society together with their office title in that society. It is hoped to include the name and telephone number of the President/ Chairman, Hon Secretary and Hon Treasurer and perhaps the Membership Officer and Recorder for each society.
It is the responsibility of each society to keep the Federation informed of any change of officers together with their contact details. (The Federation’s contact is Terry Knight)
Societies must obtain the written consent of its speakers and presenters to display their personal details on programme sheets and posters, their society’s and the Federation’s website. It would be useful to obtain their consent to pass on their contact details to other interested parties and to display details in newspaper write-ups.
A template for the collection of data is included.
16th April 2018.