GDPR Guidance

Hampshire Neighbourhood Watch Association – General Data Protection Regulations

GPDR (EU-2016/629)

This document is an overview of the changes introduced by the new regulations and supersedes the previous Data Protection Act.

If you keep personal data of NW members on paper or a computer, these regulations apply to you. If your members are registered on the national database through Ourwatch or Hampshire Alert and you communicate via Alert, then there is nothing you need to do to comply.

DON’T PANIC – we just need to take some simple steps to comply

Summary:

  • We DO NOT need to register with the Information Commissioner’s Office as Data Controllers.
  • We DO NOT need to contact all existing NW members immediately. As we routinely check the data for exiting members, we can confirm agreement to holding their data.
  • From now on we need to follow a few simple additional rules about collecting and holding our member’s personal information.

Background:

  • NW Coordinators, groups and Associations who keep personal information about their members become ‘data controllers’ under the GPDR
  • The GDPR widens existing rules to apply to members data if kept on paper and/or computer.
  • The GDPR does not require us to register with the ICO because:
    • We do not keep sensitive information – just contact details
    • We are a ‘not for profit’ organisation – using our data to administer our activities for members or people with whom we have regular contact.

Actions:

These apply to all Scheme Coordinators and local Association:

There are six principles to consider and we can easily comply.

  1. Personal data is processed lawfully, fairly & transparent – we must collect NEW member’s data on a suitably worded application form and retain the signed paper copy.
  2. Personal data is collected for a specific, legitimate purpose – our form must explain who is the data controller, if the data is shared with anyone and for what we use the data.
  3. Personal data collected will be adequate and relevant – we should only collect a members name, address, phone number and email. Holding any other data causes complications within the regulations
  4. Data must be accurate and up to date – we must review the data regularly, every two years will suffice, to ensure it’s up to date and we must record the date of any changes. (If you haven’t done this recently, you should plan to do it asap.) Make sure members know who to contact to update their details and we should update their records as soon as possible.
  5. Personal data must be kept no longer than necessary – personal data must be deleted when no longer required for distributing NW information. When updating member’s details, please delete the previous data and don’t keep old version of spreadsheets.
  6. Personal data must be kept secure – we must ensure adequate security for where we keep our records. Take sensible steps to protect this data.
    1. Computers should have strong passwords and don’t use public Wi-Fi
    2. When you dispose of old PCs or tablets you should wipe or destroy the hard drive
    3. Dispose of old paper records by shredding or burning
    4. Use blind copy (b.c.c) when e mailing to a group of members
    5. Data Controllers must ensure other NW members using the data are aware of their responsibilities regarding security of the data

Conclusion:

  • Items 1, 2 & 3 are covered by collecting personal data on a well-constructed form (examples can be provided)
  • Items 4, 5 & 6 are just good practice for keeping data up to date and secure

More detailed guidance from National NW is on the Ourwatch website: www.ourwatch.org.uk/knowledge/data-protection-guidance-incorporating-gdpr/

There you will also find additional information about the use of CCTV – there are implications if the camera views any area beyond the limit of your home. You will also see details of how to respond to a breach of these regulations.

Bob Combes
HINWA Chairman May 2018