Slide 3

Our News and Notices

General Data Protection Act (GDPR)

Central - 25 May 18 General

The new Data Protection Act 2018 (“DPA”) (which applies in England and Wales, Scotland and Northern Ireland) and implements the GDPR comes into force today as I am sure all members will know due to the extensive press coverage.

Hopefully all members will have read or scanned through my editorial in the Journal which highlights the work we have done to prepare for GDPR. Just to emphasis one aspect RNSA is a registered member of the Information Commissioner's Office who have provided comprehensive guide lines to organisations in a document named '12 steps to take now'. RNSA is fully compliant with everything that applies to us in those 12 steps.

I thought it might be useful to alleviate some concerns regarding the lawful basis for communicating with members. I have been asked many times whether RNSA needs the members’ consent to process their data. Fortunately we are like the vast majority of organisations who process data on behalf of their members. We are legal on the grounds of ‘necessity for performance of the contract’ between the organisation and its members i.e. to administer the member’s membership. As such there is no requirement for members to consent to processing for this purpose.

Newsletters and an annual Journal are within the membership package and form part of the contract so RNSA can rely on the grounds of ‘performance of the contract’ as our lawful basis for processing. In accordance with the Act we can also rely on legitimate interests as our lawful grounds for processing.

Just for interest our Webmaster has updated all our privacy notices on the RNSA Website and new joiners will have to agree for their personal information to be held securely in accordance with our internal data protection and security measures.

← Back