GDPR and stupidity

My accountant has usually, by the end of April, contacted me to ask for all the year's bunff to cook my books, calculate tax, etc. This year, nothing yet. So I rang them, and they said they'd been delayed by all the GDPR compliance. Oh well. I can wait.

Never wanting to be left out of anything, we have updated our Privacy Statement - which you are invited to inspect if you so wish. Post any queries here. To be fully compliant we will probably send out an email to members at some point indicating what information is held and what use is made of it (if any).

In terms of the membership list, there will be a clear-out of some dead wood (such those who registered to join but never got round to replying to the verification email), before attempting a mass mailing. The record for a registered non-poster technically goes back to 2007 (joined the original FoR3 forum of which this is a reversioning ).

Thanks once again, ff.

We do appreciate it.

Have been in consultation with various over this. General feeling is that the small amount of personal data and the fact that data is/are put exclusively to the running of the forum means we aren't really likely to be guilty of abuse. Nevertheless, transparency is all.

I've also been in conversation with Mark to ask whether we could remove Googleia Analytica which neither of us looks at often. Plan is to remove it tomorrow: I'm going to take a look at the stats today - just checking to see which forums are popular (as a matter of interest/information: poor ratings will not trigger immediate closure )

Sorry to harp on, stupidly but have now looked at the latest analytics for the week May 6th - May 12th which might have some marginal interest for members.

26th most frequent network accessing the site: the British Broadcasting Corporation (ah, bless! )

The most frequently accessed forums/categories:

The Choir
Talking About Music
Record Review
Platform 3
Building A Library (sub-forum)
Jazz

The most frequently accessed threads this last week (NB this will be affected by the age of the thread):

Chapel of Lancing College
What are you listening to now III (sorry, omitted earlier)
Best items of tech
Britten's Winter Words
School Music: Fighting the cuts
Good is not the word
GDPR and stupidity
Chapel of St John's College
Proms 2018
Andrew Lloyd Webber: Credible Composer
Low Pay
The organist doesn't entertain
Brahms Symphony No 1
Eternal Breakfast
Pavel Kolesnikov
Bargains
Gramex
Lili Boulanger
Mahler 1

the rest …

When I first read this article I thoought it was helpful, but having now read the comments, I think it probably isn't.

The legislation seems to be hugely complex, but there are two main points: how an institution uses your data, and how it stores it.

As I said above, what I am most concerned about is (a) the choirs I sing with and how we can manage not to lose half our email list through the sheer inertia of those who've signed up and don't understand the necessity of signing up all over again - and (b) the musical organisations I have explicity asked to hear from, who may now through sheer inertia (mine) no longer send me the information I want.

What seems clear from the emails I've had so far about this is the complete absence of any information at all on how they are going to store my data. Not that I care particularly, but isn't the point supposed to be that they have to tell me?

Most of it they should have been doing anyway and they've had 2 years to get their heads round it.

At work we've been having to consider this from the point of view of not just a big public body but also the site specific charity which supports our work. It would seem that much(possibly most) of what is needed is what should already have been happening, but the additional work has been to do with ensuring each person whose details are held is made aware of the relevant privacy/data use policies - having made sure those policies a) exist and b)are fit for purpose. As a lot of work has already been done to get members and passholders onto email rather than snailmail this isn't as much of a problem as it might have been even a couple of years ago.
From a personal point of view I'm glad that companies I may do business with or otherwise contact(eg competitions) must now specifically and always ask if I want them to contact me in future instead of having the automatic opt-in which then - surprise, surprise - is difficult to get out of. I have had occasion to chase up some publishing groups repeatedly for sending unsolicited emails relating to magazines I no longer subscribe to or never have done so in the first place. Invoking the ICO usually sorts it out if all else fails. It's not the nuisance so much as not knowing what they are doing with the information they hold, and where it's going. Now they should be motivated to do better as non-compliance risks a hefty fine.
Of course the extent or not to which UK 'interpretation' of the EU's requirements adds difficulties for those trying to comply is something of an unknown. Past history has not been good in that respect.
This might be of interest/use.

These comments, from below the article I link to in my #21, illustrate that there are two very different ways of looking at this legislation - one, that it is a way of bringing the professionals and the large organisations to book, to make them do what they should have been doing anyway, the other that it's a serious impediment to communication for small organisations.

All a bit of an upheaval, but it should be once and for all. We are adding to our New Members welcome email all the necessary information about the Privacy Statement, cookies etc.

It seems to me there are two aspects: the first is that those with whom a body communicates are aware of what data you hold and what you do with it; the second is that you do not misuse it (most obviously by passing it on to others who might have a quite different use for it).

It's not in future going to be an impediment for small organisations as long as those two principles are adhered to.

I'm not convinced.

The other way this might affect me is through the Allotments Society I'm secretary of. Will the members have the right not to let me store their data? And if so, how am I going to contact them? I have a legal obligation to inform them about the AGM, for example..

As we have some awkward characters (something which never happens with musical organisations) I am dreading that some of them might inist on being contacted by post - just the sort of tactic recommended to discomfit the large organisations.

Are we sure the whole thing isn’t the ultimate Protection Racket?

Does the legal obligation mean you have to contact them, and have confirmation that you have, or is it simply that they have to be able to inform themselves that the AGM and its related matters are going to take place? If the latter, then perhaps a web site notice, and a notice in the Allotments themselves would suffice to discharge any legal obligation.

The constitution says I have to inform them by 'letter or email'. I put up posters on site too, of course, but we don't have a website.

Changing the constitution involves a vote of the AGM, and that, I fear, is likely to be infested with troublemakers.

I'm not going to metion it at this years' AGM unless some troublemaker brings it up first.

(All the horror stories you've ever heard about allotments are basically true.)