Data privacy

The General Data Protection Regulations (GDPR) came into force during 2018. They broadly follow the principles of previous legislation but with some tightening. They are mainly aimed at protecting individual from large organisations but they apply to any organisation that handles 'personal information', which includes the Branch.

Branch operations were reviewed in the light or GDPR and as the basis for producing a data privacy policy that makes compliant compliant in a way that minimises the impact on the Branch's ability to continue to communicate with, and provide services to, its members.

The policy was approved at the 2019 AGM.

Much of the information held by the Branch can legally be used on the basis of 'legitimate interest', which does not require formal consent, and the policy is based on that. However, where slightly more than this minimum information is held it does rely on consent (either explicit, or often implicit).

The 'light touch' policy relies on the information passed to the Branch by tower correspondents having been given willingly by the member, with awareness of how we will use it, so the form used for the annual update and subscriptions has space to confirm this.

The policy and supporting documents are available from the links below.

• Data privacy policy - This is the top level policy.
• Data management processes - Detail of how we operate (existing and new procedures, with a section on tidying up history).
• Legitimate interest assessment - GDPR requires this if we hold information on the basis of 'legitimate interest' rather than 'consent'.
• Data status  - The table is called up by all three above. 

Page updated on 15-March-2020

© Oxford Diocesan Guild of Church Bell Ringers (Sonning Deanery Branch) 2010