You might think that data protection isn’t relevant to you and is for businesses. But you’d be wrong. Think about the data you do hold which could include members’ names, contact details, financial information,…
In less than a year, on 25 May 2018, the EU General Data Protection Regulation (GDPR) will enter into force. There will be more stringent obligations on those processing personal data, in particular when the data subject is a child. The GDPR also imposes greater enforcement powers, such as administrative fines and a temporary or definitive ban on processing. So if you hold or use that kind of data, you need to know what your obligations are (e.g. the records keeping obligation, the implementation of “appropriate” technical and organizational measures and the notification of a personal data breach to the supervisory authority or even to your members if the latter is likely to result in a high risk to their rights and freedoms).
In any case, providing your members with sufficient information is of utmost importance: which data? for how long? for what purposes? which recipients receive the data?, etc.. This doesn’t have to be lengthy, depending on your own circumstances, but you must ensure that this information is easily accessible and easy to understand.
Also, individuals have rights in relation to personal data processed about them, principally the right of access to data held about them. So, be prepared to handle such requests properly and in due time (i.e. in principle within one month of receipt thereof).
The GDPR can be found on: