On the 25th of May 2018 The General Data Protection Regulation (GDPR) comes into effect. This regulation updates the European Union’s Data Protection Directive of 1995. and will be directly applicable to all member states of the EU handling personal data.
I am not an expert on this matter, what I am trying to do is to bring it to your attention so that you can ensure that your group complies. If you are an expert and are prepared to help the thousands of amateur theatre groups then please contact me asap on jane [at] amdram [dot] co [dot] uk.
My understanding is that as we will still be in the EU when this directive takes effect, Brexit will not affect it at the moment, so you need to comply.
In my internet search I think the following two documents are the most useful
This second document lays out the changes as:
“You will need to review your consent mechanisms to make sure they meet the GDPR requirements on being specific, granular, clear, prominent, opt-in, documented and easily withdrawn.
The key new points are as follows:
Unbundled: consent requests must be separate from other terms and conditions. Consent should not be a precondition of signing up to a service unless necessary for that service.
Active opt-in: pre-ticked opt-in boxes are invalid – use unticked opt-in boxes or similar active opt-in methods (eg a binary choice given equal prominence).
Granular: give granular options to consent separately to different types of processing wherever appropriate.
Named: name your organisation and any third parties who will be relying on consent – even precisely defined categories of third-party organisations will not be acceptable under the GDPR.
Documented: keep records to demonstrate what the individual has consented to, including what they were told, and when and how they consented.
Easy to withdraw: tell people they have the right to withdraw their consent at any time, and how to do this. It must be as easy to withdraw as it was to give consent. This means you will need to have simple and effective withdrawal mechanisms in place.
No imbalance in the relationship: consent will not be freely given if there is imbalance in the relationship between the individual and the controller – this will make consent particularly difficult for public authorities and for employers, who should look for an alternative lawful basis.”
How each group handles the data they have is different, so it is important that you assess how these changes affect you.