GDPR - What It Means For You
Unless you've been living under a rock, you will have heard of the GDPR (General Data Protection Regulation) that comes into effect on May 25th.
What you may not know is what it means, how it may affect you and why organisations of all sizes are flooding your inbox with "please click here to say we can contact you" links...
I don't study the law... but what is GDPR?
I don't either so I'll give you the key points!
- is the biggest shake up to data protection regulations in around 20 years and will apply to all EU citizens.
- ensures that organisations process personal data lawfully, fairly and in a transparent manner.
- requires information that is processed to be adequate, relevant and limited to what is necessary for the purpose for which they are processed.
- limits the time that personal data can be identifiable (linked back to a living person) to no longer than necessary for processing.
- demands that organisations process personal data in a secure manner.
That is super
boring interesting, but how does it affect me?
If you're reading this, I presume you're a living person (go away Google bot...) so you are afforded important rights under GDPR. They are...
- The right to be informed - you get to know what information we are processing about you and why.
- The right of access - you can know and access the personal data we are processing about you.
- The right to rectification - if we store data that is inaccurate, you have the right to correct it.
- The right to erasure - in certain circumstances, you have the right to "be forgotten".
- The right to portability - you can obtain and reuse your personal data for your own purposes on other services.
- The right to object - you can tell us that you do not want your data to be processed.
Note that the links provided above are descriptions aimed at organisations, but provide more detail on each right.
So what is VATSIM UK doing about all of this?
We mainly act in the capacity of a processor to facilitate your membership to VATSIM.net. That means that when you tell VATSIM.net that you want to be a member of the UK division, they pass certain information to us in order for us to give you access to our training system, forum and other services.
However, we do collect some information directly from you. For example, your IP address when you connect to one of our services.
Queries regarding the data we hold on you, in the interim, can be requested via a Subject Access Request.
As we do not receive a positive "opt in" from members to have other members email them through Core's "Email a Member" function, we will be disabling that for the time being.
If you wish to communicate with other members, please use the Forum's Messenger. Notifications for this can be configured here.
Subject Access Request? Time to request all of my data!
One of the rights I spoke about earlier is "the right of access". This is facilitated via a Subject Access Request (or a "SAR").
Whilst we are happy to review any SARs that we receive, there are a few things to keep in mind...
- We have the right to refuse to respond to manifestly unfounded or excessive requests.
- We have up to one month to provide the information.
- We can extend the deadline by a further two months where a request is deemed complex.
Please also remember that everyone processing SARs are volunteers. If we spend our days completing these requests, other projects will suffer.
If you believe that you have a legitimate reason to make a SAR, please email your request to email@example.com. Guidance on writing your request can be found on the ICO's website.
This post isn't designed to cover every question. It is simply here to inform you of what GDPR is, how it will affect you and what we are doing about it.
Still got questions? I'm about on Slack, TeamSpeak and Email - just ask!
Report News Article