7 things about GDPR you need to know

You may have heard about GDPR. This acronym has been all around the news since the beginning of 2018. Everyone is talking about GDPR but what is it and what does it mean for you? In this blog post, we will tell you everything you need to know and how Friends House will deal with this new regulation.

1. What is GDPR?

GDPR stands for General Data Protection Regulation. This new regulation will enhance and strengthen data protection within the European Union, including the United Kingdom. The need for better protection of EU citizens' data prompted the European Commission to reinforce data protection across the member states.

2. What does it mean for your data?

GDPR intends to make your data more secure. Data will now be stored on servers located within the EU. The regulation also gives you more control over which information you decide to share, for example with companies or organisations.

3. When will GDPR be enforced?

The enforcement date for GDPR is 25 May 2018. By this date, companies and organisations will have to be compliant. After this date, non-compliant bodies could be fined.

4. What about GDPR enforcement in light of Brexit?

GDPR will be enforced regardless of Brexit. The current Data Protection Bill passing through parliament will enact GDPR for the UK so we will continue to be required to comply with it.

5. How are companies and organisations preparing themselves?

Companies and organisations should follow a series of steps to be GDPR compliant. This is what we did at Friends House:

  • Data audit

We led a data audit to see which data we hold and how we protect it. It helped us map our data gathering and processes, and make sure we were taking the necessary steps to comply with the new regulation.

  • Software and systems

We checked that our software and systems were based in the UK or the EU. We also sought data processing agreements with non-EU companies.

  • Privacy policy

We reviewed and updated our privacy policy. It provides an overview of how we manage the data of anyone who consents to data collection.

  • Emails

We sent a “positive opt-in” email campaign to everyone who had subscribed to our newsletter.

6. What is a "positive opt-in"?

Everyone has at some point received a newsletter from a company they had never heard of. GDPR intends to end this situation by reinforcing the control people have over their email subscriptions. Getting people's consent is one of the focus points of GDPR checklists for many companies and organisations, such as Friends House. To be compliant, we sought your consent to receiving our newsletters. We did so by launching a campaign by email. We asked you to let us know if you still wanted to hear from us via email after 25 May. The email gave you the opportunity to opt in or unsubscribe. No opt-in box was pre-ticked (the same rule applies to the subscription form on our website), thus giving you the opportunity to positively opt in. This is where the term "positive opt-in" comes from.

If you subscribed to our newsletters before March 2018, you should have received our GDPR campaign email. If not, have another look at your mailbox, including the junk and bin sections. If you cannot see anything, let us know at news@friendshouse.co.uk.

7. What happens next?

Friends House aims to be fully compliant by 25 May, which is the enforcement date. If we have not heard from you regarding consent to receiving our newsletter before 16 May (which is our cut-off date), we will automatically unsubscribe you from our mailing list, and we will never contact you again via newsletter. If you missed the deadline and still wish to receive our communications, please let us know by email (news@friendshouse.co.uk). Regardless of GDPR, you will keep on receiving transactional emails from us, as they are solely functional and informational (booking details, process, invoices, etc.).

If you have any concerns over how your data is used by Friends House, please contact our data safety group: datasafety@quaker.org.uk.

Further reading:
Information Commissioner's Office: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
EU GDPR Portal: https://www.eugdpr.org/eugdpr.org.html