GDPR and society emails

Slackjaw190

Slackjaw190

Slackjaw190

Associate
Joined
9 May 2005
Posts
858
Location
Devon
I run a golf society with 40 odd members and got told off (rightly I think!) by one member last year for cc’ing members into emails rather than bcc’ing which I have been doing ever since. However, this is becoming a pain for both me and a majority of the other members who can’t see who’s included on a particular email and can’t use the reply all function. Instead they have to come through me to forward the email if they want to send it out to the group as I’m the only one who knows who is in that group, for example, who’s playing tomorrow.

So my question is, does GDPR cover internal groups and can I ask members to opt-in, allowing me to cc them into emails? These emails never get forwarded by me outside the society, although obviously I’d have no control what others would do with them.

I’ve tried googling but I can’t find a similar example and most of it goes over my head.

Dealing with rubbish like this is turning me Pro Brexit :)
 
Slackjaw190 said:
I run a golf society with 40 odd members and got told off (rightly I think!) by one member last year for cc’ing members into emails rather than bcc’ing which I have been doing ever since. However, this is becoming a pain for both me and a majority of the other members who can’t see who’s included on a particular email and can’t use the reply all function. Instead they have to come through me to forward the email if they want to send it out to the group as I’m the only one who knows who is in that group, for example, who’s playing tomorrow.

So my question is, does GDPR cover internal groups and can I ask members to opt-in, allowing me to cc them into emails? These emails never get forwarded by me outside the society, although obviously I’d have no control what others would do with them.

I’ve tried googling but I can’t find a similar example and most of it goes over my head.

Dealing with rubbish like this is turning me Pro Brexit :)
Click to expand...
You do know we voted for it right?

https://www.itpro.co.uk/general-data-protection-regulation-gdpr/what-brexit-means-for-gdpr
The UK has long been committed to the creation of robust data protection laws and was, in fact, one of the principal architects of GDPR. As such, the UK has already agreed that GDPR will be absorbed into UK domestic law as part of the European (Withdrawal) Agreement. Once this happens, we will see both GDPR and the UK's existing Data Protection Act 2018 working in tandem to rule on data cases.
Click to expand...
 
Last edited:
Not sure why you care about GDPR

Perhaps make a forum, so everyone can go there login, and see whats going on via threads/posts

Or perhaps someone sells such a service already which is specifically set up for something like a golf society in mind.
 
Sounds like you need a forum, or a Facebook group, or just a simple Google Groups private group. People can subscribe to receive email notifications for new posts etc if they want.
 
Slackjaw190 said:
So my question is, does GDPR cover internal groups and can I ask members to opt-in, allowing me to cc them into emails? These emails never get forwarded by me outside the society, although obviously I’d have no control what others would do with them.
Click to expand...

You basically have it right. The simplest solution to this is to have all members simply fill in a form to opt-in to sharing their personal details with the whole group. Technically you should have something anyway for you processing the data. I would put it out to the group to see what their thoughts are and if people do have privacy concerns and wish to remain anonymous from the rest of the group then perhaps its worth considering something else. For a club like that i guess email is the best solution, its is very hard to get people to adopt new communications tools.

Tony Edwards said:
You do know we voted for it right?
https://www.itpro.co.uk/general-data-protection-regulation-gdpr/what-brexit-means-for-gdpr
Click to expand...
That might be so, i think everyone supports the advancement of privacy and data protection laws. But GDPR is an awful piece of legislation which really showed how poorly the EU can function at times. So OP's dissatisfaction with that is probably well placed.
 
You should create mailing lists for the different groups and sub groups and use those for sending out emails.

You need a forum/community of some kind to allow members to send messages to each other without sharing personal details, they can then enable email notifications if they want to.
If members want to share private email addresses with each other, leave that to them.

As above a google/facebook group would deal with 99.9% of this for you.
 
MonkeyBasher said:
You should create mailing lists...

You need a forum/community of some kind to allow members to send messages to each...
Click to expand...

Exactly this.

If you need to send 'material' (marketing) out (one-way) then use a mailing list service, MailChimp etc. If you need feedback then as @MonkeyBasher says, use a group/community service like a forum or social-media.

And the basics regarding GDPR an emailing - there needs to be an opt-out/unsubscribe option, majority of the above have that ability in some form; and an email address opt-in, usually on the form for sign-up/registration.
 
simply GDPR applies to organisations and companies who are registered via companies house

The GDPR defines an “enterprise” within Article 4(18) as any legal entity engaged in economic activity.

pretty sure your saturday roll up playing for a couple of quid and a round of pints doesnt count

basically tell the nosy busy body to learn the legalities or go do one
 
Last edited:
stuie said:
simply GDPR applies to organisations and companies who are registered via companies house..
Click to expand...

You sure that's the case?

All GDPR advisers (what ever that is worth) i've brought in have said that GDPR mentions that it applies to everyone that handles PII other than for "..personal or household activity". However because of the ambiguity around 'personal' and 'household', they've always advised that if you handle/process or store PII then you need to stick to GDPR.

Arguably i doubt @Slackjaw190 would get dragged across the coals for not implementing and following GDPR but for a few hours work and to keep everyone happy, and arguably making the society better, is it really worth the hassle of telling someone to stuff it?
 
visibleman said:
You sure that's the case?

All GDPR advisers (what ever that is worth) i've brought in have said that GDPR mentions that it applies to everyone that handles PII other than for "..personal or household activity". However because of the ambiguity around 'personal' and 'household', they've always advised that if you handle/process or store PII then you need to stick to GDPR.

Arguably i doubt @Slackjaw190 would get dragged across the coals for not implementing and following GDPR but for a few hours work and to keep everyone happy, and arguably making the society better, is it really worth the hassle of telling someone to stuff it?
Click to expand...

https://gdpr-info.eu/art-4-gdpr/

Also yes this is a personal activity. You make no profit of this, its not for business

Is this a group of friends you deal with on a personal level or are they your customers?
 
Last edited:
I take it email addresses are the only relevant data you hold and process (ie use)

If so, I'd BCC another mass email asking for permission to share email addresses, and work at getting permission from everyone. Get new members to submit their details on a form that require them to give the same permission.

In reality, the ICO is highly unlikely to be at all bothered to deal with a complaint about email addresses (one of the least sensitive sorts of data) getting shared amongst members of a society - especially where it's for the purpose of the business or forwarding the goals of that society.
 
If so, I'd BCC another mass email asking for permission to share email addresses, and work at getting permission from everyone. Get new members to submit their details on a form that require them to give the same permission.
Click to expand...

That's the approach I would take. As I understand GDPR in very simple terms, you need to specify what information you store, and what you will use that information for. So to cover you, you could amend the joining form to clearly state that in supplying an email address, it would be used for mailing information and that the email addresses supplied are shown to all in the group to allow further communication between others. ( The form could also then have an opt-out of the public viewable list. )
 
You must log in or register to reply here.
Back
Top Bottom