Getting Ready for GDPR
Health Warning
Note that the views about GDPR on this page are those
of Neil Stevens who takes a lead role for GDPR on
the regional committee. There is probably no single
“correct” approach and you will find differing opinions
elsewhere.
The paper below provides some background
to the new data protection regulations
that come in to force in May 2018.
Legitimate Interests V Consent
There are several legal basis for processing of members’ data.
The two that concern U3As are Legitimate Interest and Consent.
You don’t need consent for everything you do with members’ data.
For some things it is better to rely on Legitimate Interest.
Here are three links to articles on the internet which explain this:-
1) This is a link to the Information Commissioner’s blog entitled:-
“Consent is not the ‘silver bullet’ for GDPR compliance”
https://iconewsblog.org.uk/2017/08/16/consent-is-not-the-silver-bullet-for-gdpr-compliance/
2) A video in which the lead information officer for Scotland explains Legitimate Interests V Consent
https://www.culturerepublic.co.uk/blog/news-&-resources/ico-video-gdpr-consent-legitimate-interests/
3) A paper explaining Legitimate Interests and how to undertake a Legitimate Interest Assessment
https://www.culturerepublic.co.uk/blog/news-&-resources/gdpr-legitimate-interests/
Example Legitimate Interest Assessment
Here is an assessment that could be used by a typical U3A
Example Policies
The YAHR Committee will be considering this
data protection policy at their meeting on April 16th.
Below is an example Privacy Policy for a U3A. Note that
in this example legitimate interest has been used as a basis
for administering membership.