GDPR Regulations Now Available

Data protection law is changing – get your WI ready by 25 May 2018. The following is from NFWI MyWI:
 
Today, more personal information is held digitally than ever before and it travels with ease across borders. The General Data Protection Regulation (GDPR) was created by the European Union to protect and empower EU citizens’ data privacy and to reshape the way organisations across the region approach this issue. The regulation will apply in the UK from 25 May 2018The GDPR replaces the Data Protection Act (1998).   Recently, the UK Government also introduced a Data Protection Bill to make provisions for how GDPR applies in the UK. This document should be read in tandem with the GDPR.   

How does the GDPR apply to your WI?

WIs process personal data about individuals in order to provide membership services and to operate efficiently. Personal data is information that identifies an individual such as: a name, postal address, telephone number, financial details and any opinions expressed about the individual. A photo or a video recordingcan also constitute personal information.  Special categories of personal information may include racial or ethnic originpolitical opinions, religious beliefs, trade union activities, physical or mental health and sexual life. Personal data can be stored electronically in a file or database (e.g. the MCS) but it can also be physically stored in a drawer or cupboard (e.g. WI member details form). The current Data Protection Act (1998) allows WIs to use personal data in line with eight data protection principles. They require that any personal data shall be:

  1. used fairly and lawfully
  2. used for limited, specifically stated purposes
  3. used in a way that is adequate, relevant and not excessive
  4. accurate
  5. kept for no longer than is absolutely necessary
  6. handled according to people’s data protection rights
  7. kept safe and secure
  8. not transferred outside the European Economic Area without adequate protection
 

In many ways, the GDPR is similar to the Data Protection Act (1998). They are both founded on principles that your WI must interpret based on the type of personal data you handle, the level of sensitivity of that information and the level of risk you are willing to take. The biggest change with the GDPR is about transparency and accountability.  

In other words: Can your WI demonstrate that it understands how it is collecting, handling, using and justifying personal information? 

To be genuinely transparent your WI needs to know:
  • what personal information you hold, where it came from and who has access to it
  • why you are collecting the personal information, by identifying the lawful basis for the processing. The three most relevant conditions for processing for WIs would be: consent, performance of a contract and legitimate interest.
  • how long you are going to retain it for
  • who you share it with
  • to inform the individual of the above (and make sure this is recorded)
 
To be genuinely accountable your WI needs to demonstrate how you comply with the GDPR. One of the most fundamental changes with the GDPR is stricter requirements for personal data that is collected based on consent. For example if a member gives consent for her photo to be taken, this needs to be recorded, managed and updated.
 
Individuals also have eight fundamental rights under the GDPR. These are:
  1. to be informed – what data is held, how it is used, why it is used etc.
  2. access – the data you hold on that individual
  3. rectification – the ability to correct incorrect information
  4. erasure – the right to be forgotten
  5. restrict processing
  6. data portability – to receive information from a data controller in a commonly used format, (i.e. a Word or Excel file)
  7. object; and
  8. not to be subject to automated decision-making including profiling
 

Other changes

If your WI receives a request from a member to see their personal information (a subject access request) you need to provide this information to the member within new timescales and requirements. When you carry out a new project you need to make an assessment of the risks involved with using personal information in that project.  You should make sure you have the right procedures in place to detect, report and investigate a data breach. A data breach occurs if personal data is accidentally accessed by an unauthorised person, or if a significant set of personal data is altered, disclosed, destroyed or lost. For example an attendance list that is lost on a train or a member’s email address that is shared with a non-member without their consent. The penalty fines for organisations that do not comply with the GDPR could reach an upper limit of €20 million or 4% of annual global turnover (whichever is higher). There will be no requirement for organisations to register with the ICO, but they will need to pay annual fee. The payment structure is yet to be determined. WIs are generally exempt from registration and the payment of the annual fee.

 

What is the NFWI doing?

The NFWI is here to support WIs in your work to ensure compliance to the GDPR. We strongly encourage your WI to go through the resources below to get an overview of the GDPR and what you need to do to prepare for the changes. As always NFWI staff are on hand to try and help with any queries and concerns.

 

Your guide to the GDPR

General Data Protection Regulation

The Information Commissioner’s Office (ICO) is a UK independent authority that regulates privacy laws in the UK. They are continuously developing helpful guidance on Data Protection and the forthcoming GDPR. Somehelpful resources include:

Guide to Data Protection

Electronic Marketing

Getting ready for the GDPR

Data Protection Bill

Follow our advice for sharing photos and videos of individuals on social media… >

 

 

Helpful documents

 

Consent-guidelines.pdf

11.05.2018

An explanation of what consent and other lawful bases mean.Download >

 
 

GDPR-Practical-steps-and-examples-for-federations-and-WIs.pdf

11.05.2018

Practical advice and examples for federations and WIs to comply with the GDPR.Download >

 
 

NFWI-Legitimate-Interest-Assessment-LIA.docx

11.05.2018

A checklist to help you assess whether there is a legitimate interest behind the processing.Download >

 
 

WI-Data-Mapping.xlsx

11.05.2018

A record of processing activities to help your WI comply with the GDPR.Download >

 
 

GDPR-guidance-for-WIs-and-federations.pdf

11.05.2018

This document will help prepare your federation or WI for the General Data Protection Regulation..Download >

 
 

WI-Member-Registration-Form.pdf

11.05.2018

In order to comply with the GDPR, we have created a new member registration form..Download >

 
 

Guidance-for-WI-Secretaries.pdf

11.05.2018

As a WI Secretary we are asking for your assistance in communicating the changes to..Download >

 
 

NFWI-Online-Privacy-Notice.pdf

11.05.2018

This privacy notice provides information about the different types of personal information that we collect..Download >

 
 

Data-Protection-Guidance-for-WIs-February-2017.pdf

05.06.2017

Data protection guidance for all WIs (published February 2017).pdfDownload >

 
 

Online Booking Now Live For Denman

 

Yes, Denman have gone fully digital with their bookings which should reduce the strain on their phone lines too. So take a look at their website updates and see if there’s anything that takes your fancy.


Sports Week is back for 2018!

WI Sports Week is making a welcome return in 2018!

After the popularity of the first WI Sports Week, held in 2016, the week-long sports event is being repeated in 2018 (and will continue to occur biannually). From 15th – 22nd September 2018 why not offer your members the chance to try out some new, different or maybe challenging sports activities. Last time we had WIs completing a variety of challenges from abseiling, to tennis, to weight training to archery. Lots of local venues, particularly places such as scouting and guiding centres offer taster classes for very reasonable rates. Let us know your plans beforehand by dropping us an email with details of what you’ve got organised. And obviously once the events are underway, we’d love to see all your photos of what you all got up to! Here’s some members from the last Sports Week in 2016…


 

WI members to get a WIggle on

England Netball and The NFWI are delighted to announce a partnership that will see Walking Netball sessions provided to WIs across the country. An open application period saw over 200 WIs express an interest in being part of this exciting project. Find out more about this here: Get A WIggle On!


 

MyWI Launched By NFWI

How can I help my WI members access this new service?

If you haven’t yet received a ‘Welcome to the Digital WI’ email with your ‘My WI’ login details, you can now request access to the site online. Simply go to https://mywi.thewi.org.uk/ and press the ‘Request Access’ button. Alternatively please call us on 020 7371 9300 and select option 0 to get set up over the phone. ‘My WI’, the dedicated WI membership site is now live. Find more information below. What is My WI? My WI is a new NFWI website that’s exclusive to WI members, to help them get the best from their membership. From the latest NFWI information and advice for running your WI, to campaigns actions and inspiring cookery, craft and floral design projects that have been specially designed for members – My WI is a one-stop-shop for everything a WI member needs to know. When can I access it? The website officially launched at the NFWI Annual Meeting on 7 June and all members have been gradually receiving detailed instructions explaining how to access the site since Monday 12 June. If you haven’t yet received a ‘Welcome to the Digital WI’ email with your ‘My WI’ login details, you can now request access to the site online. Simply go to https://mywi.thewi.org.uk/ and press the ‘Request Access’ button. Please note to ensure your account is secure your personal information is verified manually, which may take up to 5 working days. Alternatively please call us on 020 7371 9300 and select option 0 and we will be able to get you up and running over the phone. Please ensure you have a valid email address registered on the MCS before requesting access, as this is the email address your Digital WI login details will be sent to. You can contact your MCS Rep or Federation if you are unsure. How do I login? An email will be sent to the email address registered on your MCS record. Follow the steps outlined in the email to create a secure ‘Digital WI’ password. Once your password has been set you will be able to use your account to access both the MCS and My WI. The MCS (Membership Communications System) is the secure WI database that holds members’ details and enables communication throughout the organisation. It is important that the information on your MCS record is always up to date. With a Digital WI account you will have full control of your information. Why do I need an email address and password to use My WI? All the membership news, campaigns actions and projects on My WI are exclusive and provided as an additional benefit to help members get the most from the WI. Having a login means only members can access them. What if I am already an MCS user? (WI MCS Rep etc.) If you are already an MCS user and have a password, you won’t need to do anything. You can access My WI now using your existing MCS username and password. Simply visit https://mywi.thewi.org.uk to get started. For more information about My WI, you can download this leaflet from the Communications department.  

NFWI taking part in Show the Love again in 2018

10/24/2017 22687736_10155135384961139_3866236775373900911_n                         Last year 500 members requested the community pack and over 130 WIs sent in photos from their community events. NFWI want to build on this and make 2018 even bigger! A community pack with exciting ways you can take part and new craft and baking templates and green heart stickers will be ready by November. Please email publicaffairs@nfwi.org.uk to receive the community pack and stickers when they are ready, and specify whether you want to receive them via post or email.