The (EU) General Data Protection Rules (GDPR) legislation came into effect on 25th May 2018. It strengthens the rights of individuals to control the holding of their personal information by third parties, providing more accountability and transparency, and enhances the provisions of the Data Protection Act 1998. Currently there is a Data Protection Bill going through Parliament in support of GDPR. Once passed, it will replace the 1998 Act as the primary piece of data protection legislation.
The published GDPR Guide helps organisations to understand the key elements and to reach compliance. See link https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
All organisations must establish internal procedures for handling personal information. The GDPR applies to ‘personal data’, meaning any information relating to any person who can be directly or indirectly identified, in particular by reference to an identifier. The definition covers a wide range of identifiers (names, addresses, email etc).
Organisations must have a lawful basis for processing personal data. There are six lawful bases for such processing and at least one of these must apply whenever personal data is processed. After study of the Guide, we have concluded that ‘Legitimate interests’ is the most appropriate basis for the Trust.
All personal details supplied to The Wimbledon Village Hall Trust (WVHT) will be held securely and only accessed by those appointed to administer the database. It will be used solely for communication with them concerning operation, governance, events and only matters concerning WVHT. It will not be shared with any other organisation except where there is a statutory obligation to do so. Clients may write to the Secretary at any time to request to see his or her details held or request the removal of his or her details from the database.