GDPR

GDPR (General Data Protection Regulation)

[V1.01 180814]

Background

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament,
the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).
It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. The GDPR was adopted on May 25th, 2016 and becomes enforceable in all European Union countries on May 25th, 2018. Ref: GDPR - Wikipedia

GDPR and Toastmasters International

Our District core team has been in touch with Toastmasters International World headquarters Legal department.
HQ has informed us that they are aware of the upcoming changes. Toastmasters International will make sure their system fully supports GDPR by May 25th, 2018.

TI has issued all clubs the following advice:

For guidance on how to be compliant, please refer to the helpful links below:
GDPR Guide – Find answers to common GDPR questions.
GDPR Guidance Chart – See how the process works step by step.
Club Privacy Notice – This notice must be signed by all members and guests of your club.

Additionally, we encourage you to visit the Guide to the GDPR to learn more about the regulation and to access useful tools.

For further questions, please contact legal@toastmasters.org.

Data Protection Authorities

Each country in the EU has to legitimate its own Data Protection Authority (DPA).
These authorities are asked to monitor and enforce the GDPR in their specific country.
They are also responsible for imposing fines and are the place to report any breaches.

List of Data Protection Authorities 

GDPR Committee

A pan-European GDPR committee has been set up. It consists of representatives from each European District
(D59, D71, D91, D95, D107, D108, D110) and a representative of Toastmasters International.

The committee is looking at issues connected with GDPR to provide help for operational implementation
and support all European Toastmasters entities and their representatives in the compliant implementation of GDPR.

If you would like to contribute to this committee and its work, please contact the GC representative of District 95: gdpr@toastmasters-95.org.

GDPR in the various countries of our District

GDPR is a regulation, not a directive. It does not require national governments to pass any enabling legislation and is directly binding and applicable. But it also includes 69 opening clauses, which can be overruled by country-specific by-laws.

FD95: Denmark, Germany, Sweden, Norway

FD108: Estonia, Finland, Latvia, Poland

FD109: Austria, Bulgaria

FD110: Croatia, Czech Republic, Hungary, Republic of Moldova, Romania, Slovakia, Ukraine

If you would like to contribute info and guides, please contact the GDPR representative of District 95: gdpr@toastmasters-95.org.

GDPR and easySPEAK

Most of our clubs use easySPEAK to manage the meetings and store data about the members and guests. Thanks to the efforts of Malcolm (the creator of this great tool) easySPEAK is being updated to fully support the GDPR by May 25th, 2018, and allows each club to correctly manage data about members and guests.

The Privacy Policy and Terms and Conditions have been updated, and they are now also included in the Registration screen for new users and displayed, with revision date, at the foot of all pages.

GDPR foresees that everyone has the right to be forgotten by the system, which means that upon request we should be able to delete all records of that person. For that, a ‘right to be forgotten’ option will soon be available, together with a ‘right to know what we keep’ option. Users are prompted to review their personal data, including privacy choices and the Privacy Policy, at least once every 12 months. You may also have noticed recently that there is a box that invites you to update your personal data with attention to its privacy settings.
The box says:

It has been some time since you reviewed your personal settings, including your privacy choices.
Keeping your personal information up to date can help better protect your account. easy-Speak allows you to choose whether the public, club members or only Club and District officers are able to see your name and phone numbers etc. You may also exercise your right to be forgotten - to remove all data, including membership of any clubs known to easy-Speak.

Finally, easy-Speak has been modified so that users are now given the option to remove themselves from any club, where they may have been a member or made a guest speaker in the past for example, without removing all their data.

Supporting documents

Whilst we await further details, please see the document Preparing for the General Data Protection Regulation. The document outlines 12 steps to consider. Please ensure that ALL club Presidents and VPEs have reviewed all the steps, with particular attention to the following:

  1. Awareness
  2. Information you hold
  3. Communicating privacy information
  4. Individuals’ rights
  5. Subject access requests
  6. Lawful basis for processing personal data
  7. Consent
  8. Children
  9. Data Breaches
  10. Data Protection by Design and Data Protection Impact Assessments
  11. Data Protection Officers

If your club is collecting information about its guests and/or members, make sure that the privacy notice supports the GDPR
– see the following examples of privacy notices.

(This page will be updated if we receive further details.)

(many thanks to our cousins at District 91 and District 59 for providing text basis and several links)