data-protection-2018-business_0Many of us Choir Leaders have an email list to communicate with our members and people who have attended our workshops etc. We are also on other people’s lists, of course. There is new legislation coming into force in May 2018 (the 25th May to be exact), called GDPR (General Data Protection Regulation). It will affect us as individuals and as choir leaders.

In this article, I will outline my understanding of the GDPR’s effects on us as choir leaders and some suggestions as to action we need to take to be compliant and to make it as easy as possible.

What I talk about here applies to all businesses and individuals who hold personal information about people “outside the personal sphere, for socio-cultural or financial activities”. I’m using Choir Leaders as my main example.

What is the GDPR?

The GDPR is legislation coming from the EU which aims to give people more control over their personal data. Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.

It is technology neutral and applies to both automated and manual processing, provided the data is organised in accordance with pre-defined criteria (for example alphabetical order). It also doesn’t matter how the data is stored – in an IT system or on paper; in all cases, personal data is subject to the protection requirements set out in the GDPR.

Examples of personal data that we as choir leaders are likely to use

  • a name and surname;
  • a home address;
  • an email address;
  • an identification card number – less likely but some choirs have membership cards;
  • a cookie ID – if you have a website and use cookies to track visitor numbers etc.;

So if we:

  • hold a list of our choir members on paper, on our phone or on a computer;
  • chimp logo for MailChimphave email addresses of members whether on our phones, computers or held by an email list provider such as MailChimp (I use MailChimp for my Singers list);
  • have a website that uses cookies that may be looked at by a resident of the EU;
  • have members who are residents of the EU;

we need to make sure we comply with the regulation.

What does “compliance” mean?

In a nutshell, when we record our singers’ information, we should explain in clear and plain language why we need the information, how we’ll use it, and how long we intend to keep it. We need to make sure the information is secure. We also need to let them easily update the details we hold and/or remove themselves from our lists.

In “Officialese”:

  • To comply with the GDPR we need to make sure that we hold and process data about people “lawfully, fairly and transparently”.
  • We have to hold data for specific purposes and make sure individuals know what those purposes are. For example, we might hold email addresses so that we can let our members know dates and times of rehearsals; details of concerts and gatherings; let them know about our workshops and holidays; let them know about other opportunities with other singing leaders that they may be interested in etc.
  • We must only hold and use information that is for a specific purpose. For example, we should only hold a postal address if we intend to send information to someone.
  • We need to make sure the information is correct and up-to-date and we can’t use it for a purpose that it wasn’t originally intended for. And we shouldn’t hold it any longer than it is needed.
  • We must make sure the information is secure.
  • Most importantly we need the explicit consent of anyone whose personal information we hold.

What do we need to do?

If we communicate with our singers by email we need to

  • get their explicit consent to do so;
  • have a secure way of storing the information (so keeping names and addresses in a notebook or on our laptops or mobile phones won’t be sufficient);
  • give them an easy way to update their details – and we will want to make that as easy as possible for us;
  • give them an easy way to come off our list(s) – and we will want to make that as easy as possible for us;

Would you like my help?

Starting to use a mailing list provider like MailChimp can be daunting. I’m going to be recording a couple of videos about it so watch this space, comment below or follow my Facebook page TheSingingGeek You could also sign up for my Singing Leader mailing list, to be notified about tech-y/web-y things to do with choir leading and other such buinesses. (I use a different provider for my Singing Leader list than my Singers list, by the way).