GENERAL DATA PROTECTION REGULATION
Each student club and society is responsible for its own compliance with data protection legislation insofar as the personal data it holds and uses is outside the control and responsibility of the College and Students' Union. Data protection legislation sets out rules and standards for the use and handling ('processing') of information ('personal data') about living identifiable individuals ('data subjects') by organisations ('data controllers').
Since 25 May 2018, the main piece of relevant legislation is the General Data Protection Regulation (GDPR) and governs how everyone should handle personal data. GDPR is now in force and you need to ensure you are compliant and are not breaking the law - failure to comply may result in disciplinary action and possible legal action.
The below guidance aims to help Birkbeck Students' Union's Clubs and Societies meet their core obligations with regard to data protection legislation.
Under the GDPR, data controllers need to pay fees to the ICO. However, most student societies will be exempt from this requirement because they are small not-for-profit organisations (those data controllers that were exempt from registration with the ICO under the Data Protection Act 1998 are similarly exempt from the requirement to pay fees under the GDPR). The exemption from the requirement to pay fees does not mean that student societies are exempt from compliance with the rest of the GDPR.
Personal Data: According to the law, personal data means any information relating to an identified or identifiable individual; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or one or more factors specific to their physical, physiological, mental, economic, cultural, or social identity (i.e. forename and surname, date of birth, email etc).
The GDPR sets out seven key principles:
In order to manage personal data effectively, you will need to think through:
HOW CLUBS AND SOCIETIES SHOULD USE PERSONAL INFORMATION
Some of the reasons why you would collet and process personal information includes:
Currently at Birkbeck, students may choose to use their personal emails as part of their communications with the College, whilst others choose to opt-in and use their College email account (ending with @mail.bbk.ac.uk). Nevertheless, you should treat all information the same.
At times, we may request a data audit and to establish what kind of information does your Society hold.
A committee member should be designated as a Data Controller for the Society. This responsibility should be
As a Society that administrates people's personal details
EVENT TICKETING WITH EVENTBRITE
Birkbeck Students' Unions does not have a contract with Eventbrite. Eventbrite is not engaged as a data processor on the College's or Students' Union's behalf. As a result, Clubs and Societies are advised to not use Eventbrite as a ticketing system. The Students' Union has its own event ticketing systems that allows for both students and non-students to book tickets through the its own website.
Unlike most ticketing services and providers, the main benefit that you will have is that the Students' Union's ticketing system does not charge a fee for payments made through our website.You should not need to use Eventbrite at all, and should rely on the Students' Union's ticketing system.