Use your website to manage your GDPR obligations

Every amdram society will be aware that since 25 May 2018, you have certain legal responsibilities in respect of data protection and privacy. In most cases, this will cover your members and anyone whose details you hold on a mailing list (which may include people who have previously bought tickets from you). By now, you will have set out your own Privacy Policy to describe how and why you use personal data. That’s great. But how do you deal with some of the administrative requirements?

  • Data must be kept secure. How and where do you keep your data?
  • Data must be kept accurate and up to date. How do you make sure your data is up to date?
  • Data must not be kept for longer than is necessary. How do you keep tabs on the length of time you have held the data?
  • Individuals have the right to see, amend or delete their data. How do you manage requests for this?

In a typical amdram society, your Secretary probably keeps a list of member’s name and addresses on their laptop and prints a copy for any society official who needs it. So far, so good.

But what do those society officials do with those printed lists? Do they securely destroy them once they’ve finished with them? Or do they keep them in case they need them again? If so, you’ve got several copies in circulation, each of which may be out of date.

And does the “official” list contain only those members who are current, or whose membership has expired only within a year or so? Or does it contain members who haven’t renewed their subscription for many years beyond that stated in your Privacy Policy?

Using your website to store and manage your data may be a better solution. In most cases, your web host will hold your data on secure servers; you will have a single central record which you can make available to specific society officials when required (they can log in to view it at any time but it shouldn’t be printed); you can set up a system to monitor how long it is since a member last paid their subs and therefore when their data should be deleted; and you can even allow members to login to view (and amend) their own data.

And if your website is built with Joomla (and all ours are), a new, free feature is available to manage any requests to your website to view, amend or delete personal data.

Something to consider?