On 28 May 2018, the EU General Data Protection Regulation (GDPR) comes into force. A summary of just how this affects you as an individual is included below, but for more comprehensive details of the regulation see the link at the bottom of this page.
If you have registered for access to the RAFARS Member Area, the Webmaster holds the following information:
- RAFARS Number
- First Name
- Email address
- Computer IP address (recorded when you log into the website Member Area)
The new regulation requires direct and not implied consent for this information to be held. Although 'implied' consent would have been given by submitting the website registration form to apply for a password for the Member Area, this does not constitute direct consent under the new regulation. In order to comply with the GDPR, the website registration form now has an un-ticked 'tick-box' to confirm consent. Members accessing the registration form will be required to give consent by ticking the box before submitting the application.
Members who registered before the consent tick box was added on 2 March 2018 will need to log into the RAFARS Member Area and visit the 'Member Profile Update' page. In order to give consent, the tick-box must be ticked and the 'Update' button clicked. If a member subsequently decides to withdraw consent, the box on the Update form can be unticked and the update button will submit this intent.
Members who have not given consent for the above data to be held by 25 May 2018 will have their data deleted from the Member Area password list.
If a member misses the deadline but still wishes to access the RAFARS website Member Area, they can complete the registration form with the consent tick-box and resubmit it.
Any member has a right under the new regulation to request a copy of any personal information held in the Member Area password list. Also, members have a right to request that any data held is deleted. Please note that the computer IP addresses recorded when a logon attempt is made are only used to block the IP addresses of hostile attempts by non-members to access the password-protected area. The information held in the password list is not passed on to any third party and is only held to allow the Member Area access system to operate.
General Data Protection Regulation (GDPR) Summary
After four years of preparation and debate the GDPR was finally approved by the EU Parliament on 14 April 2016. Enforcement date: 25 May 2018 - at which time those organisations in non-compliance may face heavy fines.
The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens' data privacy and to reshape the way organisations across the region approach data privacy.
When is the GDPR coming into effect?
The GDPR was approved and adopted by the EU Parliament in April 2016. The regulation will take effect after a two-year transition period and, unlike a Directive, it does not require any enabling legislation to be passed by government, meaning it will be in force in May 2018.
What constitutes personal data?
Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
The conditions for consent have been strengthened, and companies will no longer be able to use long illegible terms and conditions full of legalese, as the request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent. Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it.
For more comprehensive information, see the Home Page of the EU GDPR at the link below: