Jump to content

GDPR - What It Means For You

VATSIM UK Web Services

Entry posted by VATSIM UK Web Services in United Kingdom ·

1836 views

 Share

Unless you've been living under a rock, you will have heard of the GDPR (General Data Protection Regulation) that comes into effect on May 25th.
What you may not know is what it means, how it may affect you and why organisations of all sizes are flooding your inbox with "please click here to say we can contact you" links...

I don't study the law... but what is GDPR?
I don't either so I'll give you the key points!

GDPR...

  • is the biggest shake up to data protection regulations in around 20 years and will apply to all EU citizens.
  • ensures that organisations process personal data lawfully, fairly and in a transparent manner.
  • requires information that is processed to be adequate, relevant and limited to what is necessary for the purpose for which they are processed.
  • limits the time that personal data can be identifiable (linked back to a living person) to no longer than necessary for processing.
  • demands that organisations process personal data in a secure manner.

That is super boring interesting, but how does it affect me?
If you're reading this, I presume you're a living person (go away Google bot...) so you are afforded important rights under GDPR. They are...

Note that the links provided above are descriptions aimed at organisations, but provide more detail on each right.

So what is VATSIM UK doing about all of this?
We mainly act in the capacity of a processor to facilitate your membership to VATSIM.net. That means that when you tell VATSIM.net that you want to be a member of the UK division, they pass certain information to us in order for us to give you access to our training system, forum and other services.

However, we do collect some information directly from you. For example, your IP address when you connect to one of our services.

We are creating two new policies to ensure that we are transparent about our use of your personal data; the Privacy Policy and the Data Protection & Handling Policy. All members will be required to agree to these before continuing to use our services. We expect these policies to be made available shortly.
Queries regarding the data we hold on you, in the interim, can be requested via a Subject Access Request.

As we do not receive a positive "opt in" from members to have other members email them through Core's "Email a Member" function, we will be disabling that for the time being.
If you wish to communicate with other members, please use the Forum's Messenger.  Notifications for this can be configured here.

Subject Access Request? Time to request all of my data!
Steady on.

One of the rights I spoke about earlier is "the right of access". This is facilitated via a Subject Access Request (or a "SAR").
Whilst we are happy to review any SARs that we receive, there are a few things to keep in mind...

  • We have the right to refuse to respond to manifestly unfounded or excessive requests.
  • We have up to one month to provide the information.
  • We can extend the deadline by a further two months where a request is deemed complex.

Please also remember that everyone processing SARs are volunteers. If we spend our days completing these requests, other projects will suffer.
If you believe that you have a legitimate reason to make a SAR, please email your request to [email protected]. Guidance on writing your request can be found on the ICO's website.

This post isn't designed to cover every question. It is simply here to inform you of what GDPR is, how it will affect you and what we are doing about it.
Still got questions? I'm about on Slack, TeamSpeak and Email - just ask!

 Share

1 Comment

Recommended Comments

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
×
×
  • Create New...