European General Data Protection Regulation

Posted on by

The use of our personal data by big companies is indisputably a hot topic right now and we don’t think anyone doubts the importance of regulations to prevent abuse and enhance the security of that data. The European General Data Protection Regulation – GDPR, which will take effect on May 25, 2018 is aiming to do exactly that – regulate how personal data of individuals in EU territory gets collected and used. It defines what personal data is – being literally everything – name, email, username, address, phone number, financial data, age, behavioural data and more, and obliges everyone who collects and processes such data of EU individuals, no matter where that company or person is located around the world, to act in accordance with this regulation.

GDPR by design has been aiming to regulate activities of the big companies like Google and Facebook that process insane amounts of personal data and are using it to generate significant gains, but at the end of the day it affects everyone – every small organisation that works with any personal data. Even if we use data in a completely legitimate way, the new regulation requires specific modifications like publishing a Privacy policy to state explicitly what kind of usage there is, making it possible for users to access their personal data, and more.

The U3A privacy policy is defined as:

  • Terms of Service: We have to inform members what data we collect about them and legitimise how we use it afterwards. We collect only the minimal set of personal data that is required to contact you regarding upcoming events, announcements or membership renewals. We don’t use any of the data collected for profiling or other secondary purposes and we do not sell it to anyone. The only data we hold is Name, address, email address and, if you have volunteered it, telephone number.
  • The right to be informed: We need to tell you that information will be held only for the duration of your membership. After that it will be deleted.
  • The right of access: At any point you can request what information we hold about you.
  • The right of certification: You can ask us to amend your personal data at any time
  • The right to be Forgotten: You can ask us to delete your information at any time. This will be done as soon as there is no further outstanding business.
  • The right to restrict processing: We never share your information with a third party but you could ask us to stop sending you communications.
  • The right to object: As per above – you can ask us to stop sending details of further activities. You also have the right to request that photographs taken at u3a activities that include you are not published.

We can only hold information about you that you have specifically given permission for us to do so.

Under the new regulations the U3A will only be able to keep communicating with you by email if you have actively agreed to these terms. We will be contacting everyone regarding this before May 25th.

Comments are closed.