The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in twenty years. It comes into effect from the 25th May, 2018 and even after Brexit it will remain domestic policy in the UK.
GDPR is an important amendment to individuals’ rights and every organisation, even churches and charities, have to adhere to its policies. Much of GDPR is already part of organisations’ business models and best practice, but there are some basic changes which are about safeguarding and securing your information, and about being transparent about how organisations process and manage your personal data. GDPR is a necessary and important step in this virtual twenty-first century world, but it is not just about compliance and policy, it is about protecting people and people’s personal information.
RWB Arts Festival GDPR Approach
RWB Arts Festival has always taken the management of your data very seriously, and we already have policies and procedures in place which are designed to manage and retain only what we need to in order to run our Festival. As with many organisations, charitable or commercial, we are undergoing the expected GDPR alignment and audit activities at present to ensure GDPR compliance is achieved throughout our committee and our Festival systems.
Opt In rather than Opt Out
GDPR is very clear that an individual’s choice to say ‘no’ is paramount. Assumed consent is not good enough anymore, you need to be explicit about ‘opting in’. Fortunately, there is only a limited amount of personal data held by us, but please be aware that you may receive communications to ‘opt in’ over the coming days. You can of course contact us on RWBArtsFestival@gmail.com to provide your consent should you so wish.
There is lots of information about GDPR on-line but below are some very basic highlights for you.
Privacy by Design
Privacy by design is not a new concept, but GDPR brings it into the forefront. Article 23 states that only the necessary data will be held and processed, and only those who need to access it to complete the task in question shall be able to.
Right to Access
Part of the expanded rights of data subjects (i.e. you) outlined by GDPR is the right to ask what data we (in this case RWB Arts Festival) hold on you, where and why. We also have to provide you that data should you ask for it. This is about transparency and is one of the key and most laudable changes to the way data is managed.
Right to be Forgotten
As much as you have a right to know what is being held about you, you can also ask for your data to be removed. The conditions for erasure, as outlined in article 17, include the data no longer being relevant to original purposes for processing, or a data subjects withdrawing consent. It should also be noted that this right requires controllers to compare the subjects’ rights to “the public interest in the availability of the data” when considering such requests.
We at the RWB Arts Festival fundamentally support the enhanced rules of protecting personal data and with recent news stories it has become ever more apparent about how important these regulations are in order to protect people.
We will update you with any other relevant information as and when it is necessary. In the meantime, rest assured that we are on track to be GDPR compliant by the 25th May.