GDPR

How to handle data according to the EU's new GDPR

How to handle data according to the EU's new GDPR

General Data Protection Regulations

All members of Guild societies and student groups that process any form of personal information, are obliged to comply with new data protection legislation from the European Union. This is known as GDPR, or General Data Protection Regulation, and comes into effect on 25 May 2018.

Committee members are responsible for the protection of any data that they process on behalf of the society/student group. If a breach is identified, the society/student group is liable for the fine.

What is GDPR, and what does it mean to me?

GDPR is an update to the Data Protection Act 1998 mandated by the European Union, and will become UK later this year.

It governs how organisations such as the Students' Guild collects, stores, and uses personal data. Personal data is information about a person that can be used to identify them. This includes name, email address, telephone number, date of birth, membership of a group or organisation, dietary and access requirements, photographs, and social media accounts.

Legislation says that all personal data collected must be stored securely and can only be used or shared in a certain way, if the person whose data it is has given permission for it to be used in that way.

The most important aspect of this for you as a committee member of a society/student group is to ensure you are collecting data on your members in a safe and secure way. In the Students' Guild we use a membership database system called MSL, that drives everything that we do, from mailing lists, to group memberships, to running elections. The simplest and easiest way for you to ensure you are complying with the law is to use MSL, and other systems the Students' Guild provides in order to collect and store all the information relating to your group, and to make sure there is no information stored in other places, or that there are any hard copies of data you have collected.

The Students' Guild provides many different services to collect and store members' information, and use it in the day to day running of your society/student group:

Signing Up New Members

The Students' Guild automatically makes your group membership available to purchase online. When someone signs up online, their information is stored in your membership lists instantly. Using the online portal, you can see their name and student number, and you can email all your members directly through the message centre on the website.

Tickets/Event Sign-ups

We also allow you to sell tickets or provide a sign-up facility for you to record attendance at events. It also creates a mailing list for you so you can email those people directly before the event. Through tickets and sign-ups, you can also record any other information you might need such as access needs, dietary requirements, or other means of contacting people, all securely within the system and accessible to you through the online area.

Key Things to Remember

  • You do not need to collect members data other than through the Students' Guild's systems:
    • We provide you with the means to store it, and to use it safely and securely.
    • You should only collect the information you actually need.
    • Only print/download information when absolutely necessary - downloaded information should be password protected and printed documents kept securely.
    • Destroy/delete information securely as soon as it is no longer needed - the paper recycling boxes on campus are secure.
  • Photos and videos are personal data too, so you must have permission from individuals before sharing them.
  • If information outside of Students' Guild systems is lost or stolen, this would be classed as a data breach and the Information Commissioners Office would have to be informed within 72 hours.
  • You can request information to be collected for tickets or event sign-ups;
    • This is stored securely by the Guild.
  • You must not give out any personal data to anyone without the owner's consent - you should have this in writing as proof.
  • If there is any information you would like to collect, please contact A&V and we can advise you the best way to go about it.

Work through our GDPR Checklist to make sure you are compliant - Download here!

You can find out more information about GDPR in general at www.exeterguild.org/dataprotection/.

If you have lost personal data, had someone unauthorised access personal data or suspect that this has happened, please let the Guild know within 24 hours by contacting the Activities Team or emailing data-protection@exeterguild.com.

Mailboxes and OneNote (mailboxes under marketting)


University of Exeter Students' Guild is a Charity and Company Limited by Guarantee. Registered Charity Number: 1136468 Company Number: 07217324; registered in England and Wales Registered office: Devonshire House, Stocker Road, Exeter, EX4 4PZ