GDPR compliance

I would be interested to know how other choirs are preparing for the need to comply with the General Data Protection Regulation which comes into force in May 2018.

The requirements are more onerous than the 1998 Data Protection Act, particularly in obtaining positive to consent from data subjects, and the penalties are vastly higher than previously.

It may seem a long way away, but preparation needs to be thought about in advance.

Dick Price

We're currently working on what it might mean for groups (and for us) and will publish our advice for groups later this year.

At the moment, it's not clear whether or not 'positive consent' will be required/interpreted as severely as is being whispered (e.g. pre-ticked opt-in boxes no longer being acceptable). We're waiting for more clarification on that point, and others, from the ICO.

In the meantime it's worth checking to make sure your group is abiding by the existing regs (especially the Data Protection Act and the PECR - see our resources on both for more info) as these overlap with many of the important bits of the GDPR and so will minimise any additional work required for GDPR.