Revision v.1, 3^rd May 2018

Author – Kerry Marsh

Introduction

These rules are intended to enable the Rudge Enthusiasts Club (here referred to as REC) to meet the data security requirements of the GDPR which comes into effect on May 25^th 2018.

The rules apply to all the Directors of the REC and all assistants identified by the General Secretary as being personal data processors. Personal data processors are members who use members’ personal data to deliver the services of the club. Area representatives, the Librarian, those responsible for new and used spares, and the Archivist are examples of data processors.

Data policy rules

1. You can only divulge a member’s personal data to another member by first getting their explicit consent.
2. Once you have gained consent you must retain the email or else keep a record of the conversation so that, if audited, we can demonstrate compliance with these rules.
3. Therefore, in order to email several members at the same time, you can only use bcc in the email address bar. That will keep the email addresses confidential from other recipients. Using the cc function will be a data breach that we will have to report to the ICO.
4. The only third parties (ie organisations outside the REC) that we can share personal data with are Woodlands Design (Webmaster), Pagefast (Radial), the DVLA (via the Registrar). Personal data must not be shared with any other third party. Should a new need to share members’ contact data with a third party arise, this should be raised with the General Secretary. The General Secretary can then amend these rules appropriately.
5. REC members’ personal data should be stored securely and appropriate measures taken to ensure it cannot be stolen. This means having a Firewall switched on, using an effective anti-virus program and setting internet security settings to their recommended levels.
6. If requested by the General Secretary to delete members’ contact data, you must do so and confirm you have done so.

The General Secretary will list all those members who assist the committee in delivering club services and need members’ personal data to do so. These are the data processors. The General Secretary should require all Directors of the club and all the data processors to sign the form below and return it to the General Secretary.

- - -

REC Personal Data Security Policy - Agreement form

If you are a Directors of the club or a data processor,  please complete and sign the form below and return it to the General Secretary.

Member’s name :                  ………………………………………………………………………………………………………………..………….

Role within the club :          ……………………………………………………………………………………………………………………………..

Reason to need access to members’ personal data : ………………………………………………………………………………………………………………………………………………………………………

………………………………………………………………………………………………………………………………………………………………………

………………………………………………………………………………………………………………………………………………………………………

I have read the REC  personal data security rules and agree to follow them in processing and storing members’ contact details.

Signed :

Date:

Please return this completed form to:

REC General Secretary

Please find address in The Radial Magazine.

Document revisions

Revision v.1, 3^rd May 2018

Author – Kerry Marsh

Revision history:

v.0 – First draft 20^th March 2018

v.1 – Added requirement to keep records of consent. Removed Deep Blue Logic as a third party supplier.

 DOWNLOAD REC PERSONAL DATA SECURITY POLICY (v.1) in PDF format