The EU’s upcoming Data Protection Act, will bring fundamental changes to the practices of data collection and cyber security. The European Union’s General Data Protection Regulation (GDPR) takes effect in May 2018. This is when the Data Protection Act begins enforcing new general data protection regulations for all organizations — regardless of location — if they handle the personal information of EU citizens. GDPR imposes extensive protections, limitations and requirements for compliance. GDPR also imposes severe penalties for noncompliance. The UK Information Commissioner's Office makes it clear that no charity and no not-for-profit organisation may assume automatic permissible use of contact details that you may have previously provided to tell you about aims, campaigns, products, services and other activities. I must write to you to inform you of your rights and the policy of the International Association of Amateur Heralds under the General Data Protection Regulations which come into force on 25th May 2018. We need to identify what lawful basis we have for processing your data.
Lawful Basis for Processing Data:
Data can only be processed if there is at least one lawful basis to do so. The lawful basis for processing data for the International Association of Amateur Heralds is: The data subject has given consent to the processing of his or her personal data for one or more specific purposes. The specific purpose is to facilitate efficient membership services to allow contact by email, post or by telephone solely regarding issues pertaining to your membership of the Association. Consent Where consent is used as the lawful basis for processing, consent must be explicit for data collected and the purposes data is used for (Article 7; defined in Article 4). Consent for children must be given by the child’s parent or custodian, and verifiable (Article 8). Data controllers must be able to prove "consent" (opt-in) and consent may be withdrawn. The International Association of Amateur Heralds NEEDS YOUR EXPLICIT PERMISSION to contact you about anything after May 25th, 2018 so we need every individual member to sign a consent form giving us that permission and reaffirming that permission for contact by email, post or by telephone, and preferably all three please. We can no longer rely on the fact that you may, at some time in the past, have given your tacit consent for us to hold any of your details; you must now explicitly give your consent. We ask that you use this form to give your explicit consent and within the next two months we will remind members by email (if we have their email address) to ensure that everyone has given their explicit consent. After that point, if you have not signed, you will not receive any contact or information from the Association. Although of course we will continue to maintain our presence on our web site. We will not share or publish your name, address, email address, or phone number with anyone. How long do we keep the Data? The guidance states that we should keep data ‘no longer than is necessary for the purpose you obtained it for’. We will therefore only keep any data you have consented to us holding for the period of your membership of the Association. If you decide not to renew your membership of the Association, the data we hold on you will be erased/destroyed and you will no longer be contacted by the Association. You also have the right at any time to ask us to let you know exactly what data we hold on you and you have the right at any time to request that changes are made or that all your data is removed. Should you request that your data is removed you will not receive any further communications from us. None of your personal data will be released to any third party. Our full data protection policy document is currently being drafted to reflect our policy and these new requirements. Once finished we will post it online and draw your attention to it. For the moment, the Association’s VP Communications, Martin Goldstraw, is the Association’s Data Protection Advisor and you may contact him by email at vp_commes@amateurheralds.org The International Association of Amateur Heralds
General Data Protection Regulation
CONSENT Please fill in ONLY the information you are content to share with us. None of your information will be shared with any third party. I [Name]………………………………………………………… Email Address …………………………………………………… Explicitly give consent to The International Association of Amateur Heralds holding the above data until I either resign from the Association or request that my data is removed. I understand that the data will only be used for contact by email regarding the activities of the Association.
Signed ……………………………………………….. Date …………………………………………………