Preparing for the GDPR
(General Data Protection Regulation)
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament,
the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).
It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. The GDPR has been adopted on May 25th, 2016 and becomes enforcable to all European Union countries on May 25th, 2018. Ref: GDPR -Wikipedia
GDPR and Toastmasters International
Our District core team has been in touch with Toastmasters International World headquarters Legal department.
HQ has informed us that they are aware of the upcoming changes. Toastmasters International will make sure their system fully supports GDPR by May 25th, 2018.
TI has issued all clubs the following advice:
For guidance on how to be compliant, please refer to the helpful links below:
GDPR Guide – Find answers to common GDPR questions.
GDPR Guidance Chart – See how the process works step by step.
Club Privacy Notice – This notice must be signed by all members and guests of your club.
Additionally, we encourage you to visit the Guide to the GDPR to learn more about the regulation and to access useful tools.
For further question please contact firstname.lastname@example.org.
A pan-European GDPR committee has been sset up. It consists of representatives from each European District (D59, D71, D91, D95) and our future districts (FD107, FD108, FD109, FD110) and a representative of Toastmasters International.
The committee is looking at issues connected with GDPR to provide help for operational implementation and support all European toastmasters entities and their representatives in the compliant implementation of GDPR.
If you would like to contribute to this committee and its work please contact the GC representative of District95: email@example.com.
GDPR in the various countries of our District
GDPR is a regulation, not a directive. It does not require national governments to pass any enabling legislation and is directly binding and applicable. But it includes also 69 opening clauses, which can be overruled by country-specific by-laws.
FD95: Denmark, Germany, Sweden, Norway
FD108: Estonia, Finland, Latvia, Poland
FD109: Austria, Bulgaria
FD110: Croatia, Czech Republic, Hungary, Republic of Moldova, Romania, Slovakia, Ukraine
If you would like to contribute info and guides please contact the GDPR representative of District 95: firstname.lastname@example.org
GDPR and easySPEAK
Most of our clubs use easySPEAK to manage the meetings and store data about the members and guests. Thanks to the efforts of Malcolm (the creator of this great tool) easySPEAK is being updated to fully support the GDPR by May 25th, 2018, and allows each club to correctly manage data about members and guests.
The box says:
It has been some time since you reviewed your personal settings, including your privacy choices. Keeping your personal information up to date can help better protect your account. easy-Speak allows you to choose whether the public, club members or only Club and District officers are able to see your name and phone numbers etc. You may also exercise your right to be forgotten - to remove all data, including membership of any clubs known to easy-Speak.
Finally, easy-Speak has been modified so that users are now given the option to remove themselves from any club, where they may have been a member or made a guest speaker in the past for example, without removing all their data.
Whilst we await further details, please see the document, Preparing for the General Data Protection Regulation. The document outlines 12 steps to consider, please could you ensure that ALL club Presidents and VPE’s have reviewed all the steps, with particular attention to the following:
- Information you hold
- Communicating privacy information
- Individuals’ rights
- Subject access requests
- Lawful basis for processing personal data
- Data Breaches
- Data Protection by Design and Data Protection Impact Assesments
- Data Protection Officers
If your club is collecting information about its guests and/or members make sure that the privacy notice supports the GDPR
– see the following examples of privacy notices.
This page will be updated if we receive further details).
(many thanks to our cousins at District 91 and District 59 for providing text basis and several links)