Today, 25 May, the new General Data Protection Regulation came into force. This is European Union legislation applying across Europe. Strictly speaking, it applies to the EEA, which Britain may or may not belong to after Brexit; but the Data Protection Act currently before Parliament will keep GDPR in force in the UK in any case, so for organisations like us, GDPR is our future whatever happens at Westminster.
It's possible to exaggerate the effect of GDPR. If you're a body which doesn't store data on whole populations, and doesn't do anything intruding into people's personal lives, and isn't trying to create new business models based on surveillance, then GDPR is really only a sensible charter of good practice, much of which was already law anyway under the Data Protection Act 1998. Nevertheless, like all charities and most companies, we have tightened up and formalised our practices. Most of that work is internal, but here's how it might affect people outside the Association:
(a) The Trustees have appointed a Data Protection Trustee to manage our compliance, and to act as a point of contact with the public and the UK regulator. The DPT can be reached at firstname.lastname@example.org.
(b) We have published a new Privacy Statement on this website. This now covers your rights as a data subject, and what you can expect from us. For the most part this is an extension of what was previously there, since data subjects now have new rights, but we did also remove one previous clause. We used to notify people that we were an Amazon affiliate, i.e., we took a small cut from purchases through "Buy at Amazon" links: but since we no longer do that, the notification is gone too.
If you need to know more, we're happy to answer questions, and indeed under GDPR you may have a right to know more, so please feel free to contact us.