Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi all,
Vanilla are planning an update to the site on April 24th (next Wednesday). It is a major PHP8 update which is expected to boost performance across the site. The site will be down from 7pm and it is expected to take about an hour to complete. We appreciate your patience during the update.
Thanks all.

GDPR in Hobby Group

  • 03-06-2019 8:57pm
    #1
    gothwalk
    Registered Users Posts: 195 ✭✭


    Hi. I'm sorry to come bombing in here with a GDPR question; I recognise they're pretty horribly uninteresting. Nevertheless...

    I'm the chair of a local hobby group (medieval re-enactment, the Dublin/East Coast branch of the Society for Creative Anachronism). We're classed as an unincorporated association, as far as I'm aware.

    For purposes of insurance, there is a Community Interest Corporation in the UK, which handles such matters for the UK and Ireland. We require members of our group to pay a subscription fee to that company to fund the insurance and our affiliation fees for the American SCA Inc, the core company.

    The CIC has a list of members. As chair of the local group, I would like to know what members are in my area (this helps in determining what we can do over the coming year, both in numbers and in the expertise of specific people). While the CIC board is perfectly happy to give me this information, neither I nor they are certain that they are allowed to do so under GDPR - since the local group is an unincorporated association, we're not in any legal way part of the CIC.

    We have various informal ways of arriving at this information (posting on the Facebook group saying "if you're paid up with the CIC, let me know" or the like), so it's not crucial, and I can't see any authority coming after a small hobby group for breach of GDPR in this kind of case, but we'd like to know whether it's above board or not.


Comments

  • #2
    ILoveYourVibes
    Registered Users Posts: 15,176 ✭✭✭✭ILoveYourVibes


    As far as I know the CIC can only use information for the purpose it was gained.

    They need consent for more. They need consent for processing and sharing it.
    If they have let people know of their GDPR policy and this includes sharing it with you and your club has let its members know of the clubs GDPR policy that is fine and you have consent its fine.

    It might be easier to get it from your members yourself. Then you request consent.
    The club’s identity and contact details the reasons for collecting the data the uses it will be put to how long you will keep it who it will be disclosed to and you demonstrate consent was given ..like with a tick box.


    You can get drafts for the forms.


    But as far as i know no they cannot share it with you unless they have consent to.


    Someone else in the thread will probably be able to give better info tho incase i have no idea of what i am talking about which is likely :) Don't worry an adult will be along in a mo.


  • #3
    Victor
    Registered Users Posts: 78,239 ✭✭✭✭Victor


    If your objective is to see who has insurance, before you slap them with a timber sword, there may be a few options.

    Get them to complete a consent form, saying they consent to you obtaining their insurance status from CIC and for CIC to give you that information. Alternatively, that consent form could be addressed to CIC.


  • #4
    Vetch
    Closed Accounts Posts: 422 ✭✭Vetch


    If members have to join annually and pay a fee to you, it would be cleaner to ask them to provide you with an up to date insurance cert to secure membership.


  • #5
    corkboy38
    Registered Users Posts: 177 ✭✭corkboy38


    The world's gone GDPR mad. I've even seen US people quote GDPR


  • #6
    Firefox11
    Registered Users Posts: 1,515 ✭✭✭Firefox11


    corkboy38 wrote: »
    The world's gone GDPR mad. I've even seen US people quote GDPR

    I deal with GDPR on a daily basis and from what i've seen a lot of people couldn't care less about the huge amount of personal data they give to large multinational corporations if they are getting a free service out of it.


  • Advertisement
  • #7
    Riskymove
    Registered Users Posts: 10,885 ✭✭✭✭Riskymove


    ILoveYourVibes wrote: »



    But as far as i know no they cannot share it with you unless they have consent to.

    just to be clear

    Consent is only one of six approaches identified as a "lawful basis" in GDPR

    So while you need to have a lawful basis for processing, it does not have to be based on consent.

    Other examples include a legal obligation or as part of a contract.


  • #8
    gothwalk
    Registered Users Posts: 195 ✭✭gothwalk


    This was all helpful, thank you!

    It turns out that the signup form by which people join says that details can be passed to officers in the wider organisation when necessary, and gives a relevant example, so it seems pretty clearly ok.


Advertisement