Regarding Data protection we do not escape the legislation but have an exemption from registering with the Information Commissioner's Office (ICO) based mainly on keeping only basic membership details and just email addresses with the wider world. We can use the members mobile numbers and emails for messaging to do with EqualsIW. If we start recording that members affirm to various principles, or use our membership list in any other way then we would have to register at a cost of £40 per annmum.
If an encrypted Usb memory stick were used to keep members data that would be unacceptable to the ICO as Usb sticks are easily mislaid. We have to ensure data is not lost as well as it being secure.
Currently there is no definitive list of EqualsIW member that I am aware of. Just a policy of checking once a year after AGM the list of email addresses used for EqualsIW communication. Should a list of members be created we would need to keepit secure and safe. Our mailbox would be ideal for this as it provides long term secure storage that is accessable ony to those that would need it.
Regardless of registering with the ICO we need to have written policies and procedures which include an element of checking that things are done in accordance. We have some policies published on the website at https://www.equalsiw.org.uk/find-out-more/policies.
In addition we have an email policy that ensures we don't keep data for too long. Some important emails are kept permanently. The secretary or IT support (me) checks the mailbox normally monthly and decides whether each email should be kept 1, 3 or 12 months and then deletes out-of-time emails.
We also have an email procedure that was designed for shared use of the mailbox
We also have a procedure when personal data is put on the website. We have adapted it slightly in the light of experience and remain compliant with the legislation as far as we can tell.
1. Photos taken in the street and other public places fall outside the scope GDPA requiring written permission. 2. Photos taken at WOW and similar private places do need some kind of written confirmation. So long as no names are added to the images and Mark emails me to say that everyone involved has agreed to their image being on the website then individual written permission is not taken. 3. If a name is specified a written or emailed permission from thatb person is required and it would be kept in the repository for permanent keeping. We have only done that once.