The Data Protection Policy of the Federation of Old Cornwall Societies
General Data Protection Regulations
New regulations become legal on the 25th May 2018. It is the responsibility of everyone concerned to inform their members of these regulations which are relevant to their organisation. Whilst the regulations will have greater impact on organisations and companies that use and store data they also apply to societies that collect and use that information.
1.Every organisation should have a data protection policy.
2.All organisations must obtain the consent of individuals to hold and process their information.
3.Personal data can be a complex category of information which can be used to identify a person. This can be a name, address and IP address.
The GDPS approves the use of pseudonymiation to reduce risks to the data subjects. Pseudonym data is still considered personal data and is therefore subject to GDPS.
4.Members must have the right to access their data. If someone requests their data they must they must receive that data within one month.
5.Consent must be explicit to data collected and the purpose of the use of the data. Members have the right to erasure of their data.
6.The use of inclusion of pre-ticked boxes on data collection forms is banned.
7.A person must be able to transfer their data from one electronic system to another.
8.Speakers must be asked if their information can be displayed in the society’s publicity material.
9.You should inform and obtain permission of all society members if their name and data will be displayed in magazines, journals, posters, on the website or passed on to other societies.
An example that is relevant to FOCS is the data we hold about speakers.
10.The DPO must be informed within three days if a person can be identified from published data when they have not given their permission.
17th January 2018
To all FOCS societies
I have been asked if I would create a template for member registration. However I am sure most societies will have their own form but the one attached shows the personal data that is the subject of the new GDPR regulations.
My previous letter did not mention the use of CCTV as I expect that if there is CCTV in the venue you use then the owner of the building will need to control the use and storage of any recorded data.
I also wish to inform societies that whilst large organisations need to be fully compliant from the 25th May it is recognised that small organisations and societies may not even know of the new requirements and therefore they will not face legal actions following any unintentional disclosures of personal data. I expect that as everyone becomes aware of the new regulations it will become second nature to observe the requirements for using and storing personal data.
If society members submit photographs for inclusion in Kernow Goth or on our website then the permission of the members shown must be obtained.
10th April 2018