Preparing for the GDPR (General Data Protection Regulation)
Background
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. The GDPR will enter into force in all European Union countries on May 25th, 2018.
Ref: GDPR - Wikipedia
District Privacy Policy
You can read our Privacy Policy here.
Training
In June 2018, Tobias Schlosser from D95 and Francesco Fedele from D59 ran three editions of a one-hour webinar for District Officers, which over 100 D.O.s attended – you can access the recording of this webinar here.
Francesco Fedele conducted a brief training for Club Officers – the recording is available here.
GDPR and Toastmasters International
Our District core team has been in touch with the Legal department at Toastmasters International world headquarters. They have informed us that they are aware of the upcoming changes and that their team is working on proper procedures and policies, which will be communicated to the clubs and districts in the near future. Toastmasters International will make sure their system fully supports GDPR by May 25th, 2018. They have issued all clubs the following advice:
For guidance on how to be compliant, please refer to the helpful links below:
GDPR Guide – Find answers to common GDPR questions.
GDPR Guidance Chart – See how the process works step by step.
Club Privacy Notice – This notice must be signed by all members and guests of your club.
Additionally, we encourage you to visit the Guide to the GDPR to learn more about the regulation and to access useful tools. The date for compliance is fast approaching and we hope that these documents help you to quickly and accurately achieve compliance.
If you have any questions, please contact legal@toastmasters.org.
GDPR and easy-Speak
Most of our clubs use easy-Speak to manage the meetings and store data about the members and guests. Thanks to the efforts of Malcolm (the creator of this great tool) easy-Speak is being updated to fully support the GDPR by May 25th, 2018, and allows each club to correctly manage data about members and guests.
The Privacy Policy and Terms and Conditions have been updated, and they are now also included in the Registration screen for new users and displayed, with revision date, at the foot of all pages.
GDPR foresees that everyone has the right to be forgotten by the system, which means that upon request we should be able to delete all records of that person. For that purpose, a ‘right to be forgotten’ option will soon be available, together with a ‘right to know what we keep’ option. Users are prompted to review their personal data, including privacy choices and the Privacy Policy, at least once every 12 months – you may also have noticed recently that there is a box that invites you to update your personal data, with attention to its privacy settings. The box says:
It has been some time since you reviewed your personal settings, including your privacy choices. Keeping your personal information up to date can help better protect your account. easy-Speak allows you to choose whether the public, club members or only Club and District officers are able to see your name and phone numbers etc. You may also exercise your right to be forgotten - to remove all data, including membership of any clubs known to easy-Speak.
Finally, easy-Speak has been modified so that users are now given the option to remove themselves from any club (where they may have been a member or made a guest speech in the past, for example) without removing all their data.
GDPR Committee
There is a Europe-wide team with representatives from each District looking at issues connected with GDPR. It is concerned not only with tools like easy-Speak but also tries to take a considered and consistent approach to all that surrounds GDPR, including the parties, connections and responsibilities, and how tools like easy-Speak fit into that. This committee is also working with representatives from Toastmasters International, especially on legal matters.
If you would like to contribute to this committee and its work, please contact our IT Manager at itm@district59.org.
Supporting documents
Whilst we await further details, please see the document Preparing for the General Data Protection Regulation. The document outlines 12 steps to consider. Please ensure that ALL club Presidents and VPEs have reviewed all the steps, with particular attention to the following:
- Awareness
- Information you hold
- Communicating privacy information
- Individuals’ rights
- Subject access requests
- Consent
- Data Breaches
- Data Protection Officers
If your club is collecting information about its guests and/or members, make sure that the privacy notice supports the GDPR – see Examples of privacy notice.
GDPR in the various countries of our District
The European Union link to GDPR is available here.
If your club is located in France, you might want to take a look at the info available on the site of the CNIL on “RGPD”.
If your club is located in Italy, you might want to take a look at the info available on the site of the “Garante per la protezione dei dati personali”.
GDPR may affect even clubs in Switzerland, which is not part of the EU, since those clubs use easy-Speak and since they manage personal data of members and some of their members are European citizens.
If you would like to contribute info and guides for other countries, please contact our IT Manager at itm@district59.org.
This page will be updated once we receive further details.
(Thanks to our cousins at District 91 for the basis of this text and some of the links.)