General Data Protection Regulations May 2018
Understandably members are concerned about the implications of the new GDPR, which came into effect on 25th May this year.
This has formed a major part of the work of the Executive Committee, over the last 6 months, and was discussed in detail at the recent BAB General Meeting.
All Associations should have full information on the decisions taken either by their attendance or through the subsequently circulated minutes.
In brief, the Board has a legitimate interest in maintaining all necessary data for 17 years after a person’s BAB membership ceases, to respond to insurance claims and legal action. If a person leaves the BAB within the period, whilst they could not require the deletion of their relevant data, it could be removed to a “hidden database.
The Board has approved a radical update of the Website to ensure compliance with requirements and has maintained regular contact with the Information Commissioner’s Office to ensure we are in line with their current thinking. It has been reassured to note their recognition that small organisations, in particular, were unlikely to be able to fully comply with the new Regulations by the operative date, but the Board agreed that it was important it showed that it was taking positive steps towards compliance. This has also included the development of a new Data Protection Policy, privacy notices and procedures and agreement to the introduction on direct membership payment which will greatly improve communications and management of data.
In addition a number of template policy, privacy notices and procedure documents with supporting Guidelines, are being prepared for Associations. As soon as these are approved they will be added to the Website.
We are indebted to Steve Billett, our Webmaster for his work in steering the deliberations of the Board on this very complex issue. Steve will be the Board’s Data Controller, pro tem, until the newly approved post of part time Director to the BAB is in post.