Do I have to comply with GDPR?
Yes. All our local groups and volunteers are working on our behalf and this means that aspects of the law such as GDPR apply to everyone.
What does GDPR apply to?
It applies wherever you’re collecting, storing or processing personal information. For most groups this might affect names and email addresses of people you contact about meetings or upcoming events. You may also hold people’s addresses and telephone numbers.
GDPR means that we have to have a specific record of consent from individuals to capture and store special category information (for example, diabetes type or medical information) and be clear about why we need that information. It’s likely that local groups and volunteers don’t need any of this information and should probably delete or dispose of it securely. Get in touch with us if you think this may apply to you.
Shouldn’t we be doing all this before 25 May, 2018?
Working with over 350 local groups presents some challenges, and we want to make sure we get our approach to working with you just right. Whilst GDPR comes into force on 25 May, we’ll continue to work across the charity and with volunteers to protect the data we collect and process.
For our groups, this means it’ll take us beyond 25 May but that we’ll have a common understanding that works for everyone.
Do we really need permission to contact everyone we’re already in touch with?
To send out information by email about the work of your group or of Diabetes UK, you need to have a record of consent to contact the recipient by email. It’s likely that whilst you’re storing that information securely, you may not be able to evidence how and when someone gave you their permission to contact them by email. Getting consent from people again shows them that we take their information seriously, and that we’re sure they still want to hear from us.
How do we have to get consent?
We recognise that local groups have a wide network of contacts and that data is captured and stored in a variety of different ways. We’ll work with you over the coming months to understand how many people your group is in contact with, how you contact them and what methods you use to store that personal information.
How do we know we’re complying with GDPR?
We’ll give you all the tools and support you need. Complying with GDPR is really about being open with people when you capture and store their personal information. If you’re only asking people for the information you need, and you store it securely, it’s likely you will be complying with GDPR.