General Data Protection Regulation (GDPR) May 25th, 2018.
Since 1998, personal data security, privacy and processing in the UK have been governed by the Data Protection Act. From May 25th, 2018 this will change, and these matters will instead be governed by GDPR – a European Union law which will continue to be in force after Brexit.
GDPR has strengthened many areas of data protection and security, and BMVC must comply.
BMVC data security policy
The following notes outline how we collect, store and protect the data we hold on our choristers.
Personal data
Under GDPR ‘personal data’ covers everything relating to a person that can be used to identify an individual, no matter whether stored on computer or as a paper file.
When members join the choir we collect name, address, email (if they have one) and telephone number. We use this data to communicate with them to inform them of concerts, rehearsals, etc. We also keep a record of members who have paid subscriptions or made other payments as part of the choir’s accounting records.
This information enables us to carry out ‘the legitimate interests of the organisation’ as defined by GDPR. As a choir member you cannot object to us carrying out these activities but you do have the right to see the data we hold on you and ask us to make any necessary corrections.
We also record each member's start date so that we can celebrate ‘service anniversaries’.
Additionally, the choir likes to celebrate members' birthdays and, for that purpose, we collect birth date information. This activity is optional and members have the right to opt out of the ‘celebration’.
The choir does not hold any data about its members that is not collected from them.
The choir does not distribute members' data to any third party organisations, although we may forward details of third party events, e.g. BFoC concerts or workshops, to members. This is legitimate communication.
The choir makes available the names, addresses and phone numbers of members so that we can communicate on choir matters, e.g. rehearsal cancellation, concert arrangements, etc.
Data storage
BMVC does not have its own data storage or processing systems. The data we collect is stored on committee members' personal IT equipment. One member of the committee has the responsibility for keeping membership data up to date and making it available to committee members as required.
Your rights under GDPR
- The right to be informed what data is held about you and how it is used – that is the purpose of this document.
- The right of access – you may ask to see what data we hold about you, so you can check its accuracy. We must respond within 30 days of any request.
- The right to rectification – we must correct errors that you notify to us.
- The right to object – for example, if you have not consented to receiving emails we must abide by your decision.