Friday, 18 May 2018

GDPR and the house group - the background

The new General Data Protection Regulation (GDPR) takes effect from next Friday, the 25th May.  The new regulation affects the Ben Jonson House Group.  In this post I'll just explain the context and terminology, and will follow up with a post about how this applies to the operation of the house group and to the personal data of house group members.

In the terminology of the regulation the house group is a data controller because we collect personal information from EU citizens.  More precisely, the house group collects information on the owners and residents of flats in Ben Jonson House, who are referred to as data subjects in the GDPR.  We currently collect personal information using a third-party membership system called membermojo.  In the context of GDPR, membermojo is a data processor.

membermojo explain GDPR and their role as follows.  In this, when they say 'you' and 'your', they mean the house group (the data controller):
membermojo provides online membership services for organisations. 
In data protection terms we are the data processor for your organisation member data, and your organisation is the data controller. (ICO key definitions)
We provide the tools and controls that help implement your organisation's GDPR compliant privacy policy for managing personal member data.  This includes:
  • What personal data is stored - you define the personal data (membership form) that needs to be held for your organisation.
  • Gaining consent - your form can include 'accept terms' fields that must be ticked before the form completes. We store the date that the application, and therefore the consent, was completed.
  • Where data is stored - all servers and backups are hosted in secure UK facilities.
  • How data is protected - we provide security and access controls for your member data.
  • How long data is kept for - you define how long personal data is retained and we automate the deletion.
We also provide functions that assist members and administrators to exercise individual rights under GDPR.
  • Right to access - members can sign in to view their own personal data.
  • Right to rectification - members can sign in and amend their own personal data.
  • Right to Erasure - administrators can securely delete personal data for members requesting their data be erased. Erasing a member will remove their member record and anonymise any activity, attendance and (optionally) payment records.