General Data Protection Regulation (GDPR)
The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy (GDPR Portal 2018).
What’s different from the Data Protection Act?
The data protection principles are the same, but there is much more emphasis on explaining how we protect personal data in detailed Privacy Notices and Data Sharing Agreements.
What happens if we don't implement changes?
Under the GDPR, the Information Commissioner’s Office will be able to levy fines on organisations for data protection breaches of up to 4 per cent of their turnover or €20m (£18m), whichever is larger (The Third Sector 2017).
How PlaceNet will meet the legal requirements:
* PlaceNet uses Google Drive as its central cloud-based records management system.
* Only the Trustees have access to the above Google Drive. When a Trustee leaves the board, their login will be disabled and all passwords will be changed.
* PlaceNet will only store data pertaining to conference and masterclass attendees for a maximum of 2 years.
* PlaceNet only keeps members’ data for 12 months. Membership expires on 31st May every year.
* Membership is subject to any one person from one institution attending the PlaceNet annual conference (mid-May yearly). The whole institution will become members through participation.
* Every May, PlaceNet will subscribe each institution to the membership list and ask each institution for contact details for the purpose of the mailing list.
* Any person who attends the Masterclasses (February and November yearly) will automatically be added to the mailing list.
* The data PlaceNet holds for each individual is their full name, work email address, institution and job title.
* Any person can ask to be removed from the mailing list at any point.
* PlaceNet will not send unsolicited emails.
Sources: GDPR Portal: Site Overview, 2018, https://www.eugdpr.org/
Guide to the General Data Protection Regulation (GDPR), 2018, https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf
The Third Sector, 2017, “Breaking GDPR rules could put charities out of business”, https://www.thirdsector.co.uk/breaking-gdpr-rules-could-put-charities-business-says-data-strategist/fundraising/article/1447837