Members will have noticed that the Guild’s website was down for a couple of weeks in October/November, as a result of discussions on the GDPR at the last Exec meeting.
The GDPR is a very broad legal framework intended to prevent people’s personal data from being misused or exploited. It is European-wide and necessarily suffers from the problems of trying to make one size fit all. The GDPR is intended to cover institutional use of personal data: personal use of personal data is specifically outside the scope of the Regulation. So if someone hacks into your computer (perhaps through a phishing email) and steals your Christmas card mailing list, you cannot be prosecuted for a data breach. But, if you are also a Guild Officer when your computer is hacked and the membership list is stolen, that could possibly make you a criminal! Seriously‼! You would have to show that you had taken reasonable precautions to prevent this from happening and that the Guild had done likewise. Make sure that your Antivirus software is up to date at the very least.
The argument in the Exec meeting was that a website can be viewed anywhere in the world and because of this, no personal data can be put on it without explicit consent (i.e. a record signed by the data subject and kept for ever). This includes photographs which became the focus of discussions, although anything that identifies a person (such as a name) is personal data. If this assertion were true, it could mean that many ringing websites could be illegal.
The Guild Master took the matter up with the Information Commissioner and was told that as long as our privacy policy was in order, publishing compliant material on the website was not in breach of the GDPR. We were free to put up the website again.
However, it is essential that all Guild members, but especially Officers, should be careful when sending messages that contain personal information. Email addresses, and membership of email groups, should be kept private, as with phone numbers and postal addresses. All members need to be familiar with our privacy policy in order to ensure that anything they put on the email groups or website is compliant.
All Officers and tower correspondents have ‘official’ email addresses which are redirected to the address of the current post-holder. This keeps the personal addresses safe whilst meaning that you don’t need to know the email address or even the name of the current post-holder. The following examples should show how the system works.
Guild Officers:
etc.
District officers:
etc;
Tower contacts:
etc.
(You can get the tower contacts from the Tower pages of the website, and the Guild and District contacts from those pages.)