General Data Protection Regulation
Preliminary Advice For Andover U3A Group Leaders
Issued 25 May 2018
Personal Information is any information that you hold about an individual, e.g. name, email address, telephone number etc..
Assess the Personal Information that you hold:
Is it all relevant to your group’s activities? For example, do you record home addresses but do not
need that information? Only keep what you need, delete the rest.
Is it up-to-date? Carry out a check at least once a year to ensure that members’ details are correct.
Does it identify an individual who is no longer a member of your group? Unless you are keeping it for legal or insurance reasons, you should delete it.
Keep the Personal Information secure:
Make sure that you follow the guidance on the use of firewalls, anti-virus protection etc, and make
sure that your devices always have the latest software updates.
Further useful information can found on these websites:
Do not share Personal Information:
Do not use it for purposes other than those for which it was originally obtained.
Be prepared to provide a copy of the Personal Information that you hold:
The General Data Protection Regulation (GDPR) allows for an individual to make a Subject Access Request, in other words a member can request a copy of all his/her Personal Information held by the Andover U3A. If that individual is a member of your group, then you will have to provide a copy of what you hold.
What to do when an individual leaves your Group:
Unless you need to keep the Personal Information for legal or insurance reasons, you should delete it.
What about paperwork that contains Personal Information?
When no longer required, paperwork should be destroyed in a secure manner, e.g. by shredding.