GDPR and your members

It’s only a few months now before General Data Protection Regulation is enforced. In the final part of our series of articles looking at this subject, employment law specialists Irwin Mitchell consider how it will affect the way you deal with members. We’ve looked at the general principles and we’ve looked at how it will affect your staff, now it’s time to turn to your customers. How will General Data Protection Regulation alter the way you deal with your members? In case you’ve been hiding under a rock for the last few months, General Data Protection Regulation – otherwise known as GDPR – is a major reform of data protection law that comes into effect on May 25. It will impact every organisation in the UK, including golf clubs, and will become law in the UK regardless of our impending exit from the European Union. A bill, currently going through Westminster, will effectively copy and paste GDPR into UK law ahead of our departure. All businesses that use personal data will have to comply with the new regulations and stiff penalties await for those who don’t. With potential fines of up to 20 million euros, or 4% of annual worldwide turnover, whichever is bigger, levied on firms that aren’t up to speed, ignorance is simply not an option. Does the GDPR apply to data we hold about our members? Assuming all of your members are individuals, the GDPR will apply to all data you hold about them, or that can be associated with them, whether this is held electronically or in a paper form that can be searched by a criteria (for example, a roll-a-deck searchable by first letter of surname). This type of data is referred to as “personal data”. Can we continue to contact our members about renewing their membership? The answer to this question will depend on what you told the member when they first signed up to join. If you were clear about how the renewal process works (for example, you told the member that they would receive a reminder letter or email shortly before their membership expires) you should be able to rely on this. The position would, however, be different if you contact members to remind them about renewal after their membership had already expired. This type of approach is likely to be considered to be marketing, and special rules therefore apply. Can we email newsletters, information, offers and marketing to our members under GDPR? All of these things are ‘unsolicited marketing’ and, under existing rules, you can only send these if your members agree. However, under GDPR, the rules around consent are changing, which will make it much more difficult to obtain and maintain. From May 25, any consent you obtain will need to be: given by clear affirmative action – this means that your members’ must positively give their consent, for instance by checking a box or signing a form. A pre-ticked box, or an opt-out box (for example,“check here if you do not...
This is member only content

Please LOGIN to read the full article.

Not a member? Please click here to join today.

More from Education