Andover U3A

General Data Protection Regulation

Preliminary Advice For Andover U3A Group Leaders

Issued 25 May 2018


NB This preliminary advice should be read by all Group Leaders in conjunction with the Andover U3A's Privacy Policy and Data Protection Policy.

Personal Information is any information that you hold about an individual, e.g. name, email address, telephone number etc..

Assess the Personal Information that you hold:

Is it all relevant to your group’s activities? For example, do you record home addresses but do not need that information? Only keep what you need, delete the rest.

Is it up-to-date? Carry out a check at least once a year to ensure that members’ details are correct.

Does it identify an individual who is no longer a member of your group? Unless you are keeping it for legal or insurance reasons, you should delete it.

Keep the Personal Information secure:

Make sure that you follow the guidance on the use of firewalls, anti-virus protection etc, and make sure that your devices always have the latest software updates.

Further useful information can found on these websites:

Do not share Personal Information:

Do not use it for purposes other than those for which it was originally obtained.

Be prepared to provide a copy of the Personal Information that you hold:

The General Data Protection Regulation (GDPR) allows for an individual to make a Subject Access Request, in other words a member can request a copy of all his/her Personal Information held by the Andover U3A. If that individual is a member of your group, then you will have to provide a copy of what you hold.

What to do when an individual leaves your Group:

Unless you need to keep the Personal Information for legal or insurance reasons, you should delete it.

What about paperwork that contains Personal Information?

When no longer required, paperwork should be destroyed in a secure manner, e.g. by shredding.