General Data Protection Regulations
All members of Guild societies and student groups that process any form of personal information, are obliged to comply with new data protection legislation from the European Union. This is known as GDPR, or General Data Protection Regulation, and comes into effect on 25 May 2018.
Committee members are responsible for the protection of any data that they process on behalf of the society/student group. If a breach is identified, the society/student group is liable for the fine.
What is GDPR, and what does it mean to me?
GDPR is an update to the Data Protection Act 1998 mandated by the European Union, and will become UK later this year.
It governs how organisations such as the Students' Guild collects, stores, and uses personal data. Personal data is information about a person that can be used to identify them. This includes name, email address, telephone number, date of birth, membership of a group or organisation, dietary and access requirements, photographs, and social media accounts.
Legislation says that all personal data collected must be stored securely and can only be used or shared in a certain way, if the person whose data it is has given permission for it to be used in that way.
The most important aspect of this for you as a committee member of a society/student group is to ensure you are collecting data on your members in a safe and secure way. In the Students' Guild we use a membership database system called MSL, that drives everything that we do, from mailing lists, to group memberships, to running elections. The simplest and easiest way for you to ensure you are complying with the law is to use MSL, and other systems the Students' Guild provides in order to collect and store all the information relating to your group, and to make sure there is no information stored in other places, or that there are any hard copies of data you have collected.
The Students' Guild provides many different services to collect and store members' information, and use it in the day to day running of your society/student group. See below for more information.
Signing Up New Members
The Students' Guild automatically makes your group membership available to purchase online. When someone signs up online, their information is stored in your membership lists instantly. Using the online portal, you can see their name and student number, and you can email all your members directly through the message centre on the website.
We also allow you to sell tickets or provide a sign-up facility for you to record attendance at events. It also creates a mailing list for you so you can email those people directly before the event. Through tickets and sign-ups, you can also record any other information you might need such as access needs, dietary requirements, or other means of contacting people, all securely within the system and accessible to you through the online area.
Mailing Lists/Group Inbox/Cloud Storage
The message centre, located in your group's admin area, gives you the tools to be able to send emails out to all your members, and saves you having to input each of their email addresses individually. The message centre allows you to include pictures, attachments, tables, and anything else you would include in a normal email. However, it holds everyone's email addresses for you meaning you don't have to collect email address separately when people sign up.
Activities can also create mailing lists for you for all types of things, such as those who have signed up for a trip or an event. If you would like a mailing list to be created, please email Activities with the name of the list you would like created, and the student numbers of those you would like to be added (or the sign-up/ticket you would like the list to be linked to)
You can also access your group's mailbox directly, and use it to send correspondence to other groups, external partners or clients. This allows you to keep your society/student group and personal emails separate and ensures any data relating to the group is kept all in one place*. It also provides you with dedicated cloud storage for your group. This is a great way to make sure documents aren't lost in handover and that all the data is kept in one place.
If you need to reset your password for your group's shared mailbox, please complete this form to request the change.
*You should always try to use your group's Guild mailbox, but if you ever do use a different email account to send out a message, always use the Blind Carbon Copy (BCC) function.
Key Things to Remember
- You do not need to collect members data other than through the Students' Guild's systems:
- We provide you with the means to store it, and to use it safely and securely.
- You should only collect the information you actually need.
- Only print/download information when absolutely necessary - downloaded information should be password protected and printed documents kept securely.
- Destroy/delete information securely as soon as it is no longer needed - the paper recycling boxes on campus are secure.
- Photos and videos are personal data too, so you must have permission from individuals before sharing them.
- If information outside of Students' Guild systems is lost or stolen, this would be classed as a data breach and the Information Commissioners Office would have to be informed within 72 hours.
- You can request information to be collected for tickets or event sign-ups;
- This is stored securely by the Guild.
- You must not give out any personal data to anyone without the owner's consent - you should have this in writing as proof.
- If there is any information you would like to collect, please contact A&V and we can advise you the best way to go about it.
Work through our GDPR Checklist to make sure you are compliant - Download here!
You can find out more information about GDPR in general at www.exeterguild.org/dataprotection/.
If you have lost personal data, had someone unauthorised access personal data or suspect that this has happened, please let the Guild know within 24 hours by contacting the Activities Team or emailing email@example.com.