GDPR is a set of EU (boo! hiss!) regulations covering the collection and storage of data. Just because you are a well-meaning community group fighting for land rights for gay whales, doesn’t mean you are exempt. Falling foul of GDPR will cost time, money and credibility.
|You understand what GDPR is, what it obliges you to do or not do around basic data collection, storage etc. You can comply, only collecting what is essential, and flagging that you are collecting and storing.||You have got relatively foolproof procedures in place that are respected by all members of your group, ensuring that you are GDPR compliant and can prove it. You are keeping tabs on new developments, dangers and opportunities||You are able to keep large amounts of relevant data in secure but also useful formats without losing the will to live. Other groups come to you for advice on how you did it. You are able to use these skills to do important activist work without tying yourselves in knots||You are able to advise diverse organisations with different motivations, goals, data collection and storage protocols about problems they will possibly encounter down the role. The interfering straight-banana mongers in Brussels have you on speed dial.|
Element Overview Essay
This is a draft. If something doesn’t make sense, or you see typos, or if you have further ideas, please email us on firstname.lastname@example.org
The causes of people not being fully conversant on GDPR is that it’s, you know, relatively complex legislation. And they feel that if it does apply to organisations, it’s to hospitals and banks and universities and not too little grassroots non hierarchical, active citizenship groups, but it does apply to them.
The consequences of getting it wrong is you can get fined, you can get a bad reputation for not storing data in safe and legally appropriate ways. And that people are then less likely to be willing to give you the data or money or Anything else. And this creates issues of a waste of time, energy, morale, etc.
So the solution is to appoint one or two people in your group to understand how GDPR works and what it demands. And then to look at your procedures of the information that you collect and store and figure out if they are compliant, and therefore, how you’re going to stay compliant. And if it turns out that some of your procedures are not compliant, you’re going to have to act fast and then not get back into bad habits.