GDPR Regulations Now Available
How does the GDPR apply to your WI?
WIs process personal data about individuals in order to provide membership services and to operate efficiently. Personal data is information that identifies an individual such as: a name, postal address, telephone number, financial details and any opinions expressed about the individual. A photo or a video recordingcan also constitute personal information. Special categories of personal information may include racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health and sexual life. Personal data can be stored electronically in a file or database (e.g. the MCS) but it can also be physically stored in a drawer or cupboard (e.g. WI member details form). The current Data Protection Act (1998) allows WIs to use personal data in line with eight data protection principles. They require that any personal data shall be:
- used fairly and lawfully
- used for limited, specifically stated purposes
- used in a way that is adequate, relevant and not excessive
- kept for no longer than is absolutely necessary
- handled according to people’s data protection rights
- kept safe and secure
- not transferred outside the European Economic Area without adequate protection
In many ways, the GDPR is similar to the Data Protection Act (1998). They are both founded on principles that your WI must interpret based on the type of personal data you handle, the level of sensitivity of that information and the level of risk you are willing to take. The biggest change with the GDPR is about transparency and accountability.
In other words: Can your WI demonstrate that it understands how it is collecting, handling, using and justifying personal information?
- what personal information you hold, where it came from and who has access to it
- why you are collecting the personal information, by identifying the lawful basis for the processing. The three most relevant conditions for processing for WIs would be: consent, performance of a contract and legitimate interest.
- how long you are going to retain it for
- who you share it with
- to inform the individual of the above (and make sure this is recorded)
- to be informed – what data is held, how it is used, why it is used etc.
- access – the data you hold on that individual
- rectification – the ability to correct incorrect information
- erasure – the right to be forgotten
- restrict processing
- data portability – to receive information from a data controller in a commonly used format, (i.e. a Word or Excel file)
- object; and
- not to be subject to automated decision-making including profiling
If your WI receives a request from a member to see their personal information (a subject access request) you need to provide this information to the member within new timescales and requirements. When you carry out a new project you need to make an assessment of the risks involved with using personal information in that project. You should make sure you have the right procedures in place to detect, report and investigate a data breach. A data breach occurs if personal data is accidentally accessed by an unauthorised person, or if a significant set of personal data is altered, disclosed, destroyed or lost. For example an attendance list that is lost on a train or a member’s email address that is shared with a non-member without their consent. The penalty fines for organisations that do not comply with the GDPR could reach an upper limit of €20 million or 4% of annual global turnover (whichever is higher). There will be no requirement for organisations to register with the ICO, but they will need to pay annual fee. The payment structure is yet to be determined. WIs are generally exempt from registration and the payment of the annual fee.
What is the NFWI doing?
The NFWI is here to support WIs in your work to ensure compliance to the GDPR. We strongly encourage your WI to go through the resources below to get an overview of the GDPR and what you need to do to prepare for the changes. As always NFWI staff are on hand to try and help with any queries and concerns.
Your guide to the GDPR
General Data Protection Regulation
The Information Commissioner’s Office (ICO) is a UK independent authority that regulates privacy laws in the UK. They are continuously developing helpful guidance on Data Protection and the forthcoming GDPR. Somehelpful resources include:
An explanation of what consent and other lawful bases mean.Download >
Practical advice and examples for federations and WIs to comply with the GDPR.Download >
A checklist to help you assess whether there is a legitimate interest behind the processing.Download >
A record of processing activities to help your WI comply with the GDPR.Download >
This document will help prepare your federation or WI for the General Data Protection Regulation..Download >
In order to comply with the GDPR, we have created a new member registration form..Download >
As a WI Secretary we are asking for your assistance in communicating the changes to..Download >
Data protection guidance for all WIs (published February 2017).pdfDownload >
Online Booking Now Live For Denman
Yes, Denman have gone fully digital with their bookings which should reduce the strain on their phone lines too. So take a look at their website updates and see if there’s anything that takes your fancy.
Sports Week is back for 2018!
WI Sports Week is making a welcome return in 2018!
After the popularity of the first WI Sports Week, held in 2016, the week-long sports event is being repeated in 2018 (and will continue to occur biannually). From 15th – 22nd September 2018 why not offer your members the chance to try out some new, different or maybe challenging sports activities. Last time we had WIs completing a variety of challenges from abseiling, to tennis, to weight training to archery. Lots of local venues, particularly places such as scouting and guiding centres offer taster classes for very reasonable rates. Let us know your plans beforehand by dropping us an email with details of what you’ve got organised. And obviously once the events are underway, we’d love to see all your photos of what you all got up to! Here’s some members from the last Sports Week in 2016…
WI members to get a WIggle on
England Netball and The NFWI are delighted to announce a partnership that will see Walking Netball sessions provided to WIs across the country. An open application period saw over 200 WIs express an interest in being part of this exciting project. Find out more about this here: Get A WIggle On!
MyWI Launched By NFWI
How can I help my WI members access this new service?
NFWI taking part in Show the Love again in 2018
10/24/2017 Last year 500 members requested the community pack and over 130 WIs sent in photos from their community events. NFWI want to build on this and make 2018 even bigger! A community pack with exciting ways you can take part and new craft and baking templates and green heart stickers will be ready by November. Please email firstname.lastname@example.org to receive the community pack and stickers when they are ready, and specify whether you want to receive them via post or email.