Dear Brother Secretary / Scribe E
May 2018 Data Protection and GDPR
The new data protection legislation (the ‘GDPR’) is expected to come into force on 25 May this year. With this in mind I attach various documents and notes related to it to assist Lodges / Chapters to comply with the impending legislation. I would strongly suggest appropriate members of Lodges and Chapters read the documents carefully (in particular the FAQ document) and in particular arrange as soon as is practicable to:
Customise and adopt the Data Protection Notice within the Lodge / Chapter and formally agree it in open Lodge or Chapter as soon as is practicable.
Bring to the attention of all of their members the Provincial Data Protection Policy and Notice, both of which will be presented for approval at our Annual Craft Meeting in June.
FAQ Point 3 - Ensure security measures are put in place to keep documents and electronic data files safe. This also applies to Lodge / Chapter bank and Treasurer’s records.
FAQ Points 6 & 7 - Review the format and contents and general use of the Lodge / Chapter summons paying particular attention to the section related to personal data.
FAQ Point 8 - Ensuring that when ‘group’ emails are sent (when sending a summons for example) they are Bcc…’d to ensure that the personal email address of another recipient cannot be seen by those receiving the email. Please contact us if you don’t know where the Bcc... ‘button’ is on your email software and we will assist.
FAQ Point 10 - Appoint (if it is deemed necessary by the Lodge / Chapter) one or two individuals to determine how the personal information that is held by the Lodge or Chapter is held (data controllers). This could ideally be a Lodge Secretary, Chapter Scribe E and respective Treasurer. This should be formally proposed and minuted in the Lodge / Chapter and be ‘post specific’ not attributed to a named individual. Some Lodges and Chapters will have already done this following our previous suggestion. Continued… 1
Data Consent Forms Please note that Point 1 in the FAQ document clarifies that it is NOT necessary to request a signed consent form from each Lodge or Chapter member related to Data Protection as they are covered by previous necessary consents through UGLE. This applies as long as the use of data is used for ‘Normal Masonic activities’ (FAQ Point 4). ICO Registration We still recommend that Lodges and Chapters consider their registration with the ICO. See UGLE Guidance Note 31.1.18 point 25 onwards for further information. Updates Further updates in respect of data protection including any extra details related to the FAQ document will be issued when received from UGLE, and for your general information I have included below a link to the UGLE web site which gives information related to the UGLE Data Protection notice which you may find useful. I have also included the previously circulated ICO web address. https://www.ugle.org.uk/data-protection-notice https://ico.org.uk/
Yours sincerely and fraternally,
WBro Tom Gittins, PAGDC Provincial Grand Secretary/Scribe E
2