GDPR

Preparing for the GDPR (General Data Protection Regulation)

Background

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union, and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their data and to simplify the regulatory environment for international business by unifying the regulation within the EU. The GDPR will enter into force in all European Union countries on May 25th, 2018.
Ref: GDPR - Wikipedia

District Privacy Policy

You can read our Privacy Policy here.

Training

During June 2018, Tobias Schlosser from D95 and Francesco Fedele from D59 ran three editions of a one-hour webinar for District Officers, which over 100 D.O.s attended – you can access the recording of this webinar here.

Francesco Fedele conducted a brief training for the Club Officer – the recording is available here.

GDPR and Toastmasters International

Our district core team has contacted the legal department at Toastmasters International’s world headquarters. They have informed us that they are aware of the upcoming changes and that their team is working on proper procedures and policies that will be communicated to the clubs and districts soon. Toastmasters International will ensure their system fully supports GDPR by May 25th, 2018. They have sent all clubs the following advice:

For guidance on how to be compliant, please refer to the helpful links below:
GDPR Guide – Find answers to common GDPR questions.
GDPR Guidance Chart – See how the process works step by step.
Club Privacy Notice – All members and guests of your club must sign this notice.

Additionally, we encourage you to visit the Guide to the GDPR to learn more about the regulation and to access valuable tools. The date for compliance is fast approaching, and we hope these documents help you achieve compliance quickly and accurately.

If you have any questions, please get in touch with legal@toastmasters.org.

GDPR and easy-Speak

Most of our clubs use EasySpeak to manage the meetings and store data about the members and guests. Thanks to the efforts of Malcolm (the creator of this great tool), EasySpeak is being updated to fully support the GDPR by May 25th, 2018, and allows each club to manage data about members and guests correctly.

The Privacy Policy and Terms and Conditions are new; they appear in the Registration screen for new users and are displayed, with the revision date, at the foot of all pages.

GDPR foresees that everyone has the right to be forgotten by the system, which means that upon request, we should be able to delete all records of that person. A ‘right to be forgotten’ option will soon be available, together with a ‘right to know what we keep’ option. Users are prompted to review their data, including privacy choices and the Privacy Policy, at least once every 12 months – you may also have noticed recently that a box invites you to update your data with attention to its privacy settings. The box says:

It has been some time since you reviewed your personal settings, including your privacy choices.
Keeping your personal information up to date can help better protect your account.
easy-Speak allows you to choose whether the public, club members or only Club and District officers
are able to see your name and phone numbers etc. You may also exercise your right to be forgotten
- to remove all data, including membership of any clubs known to easy-Speak.

Finally, EasySpeak has been modified so that users can now remove themselves from any club where they may have been a member or made a guest speech in the past, for example, without removing all their data.

GDPR Committee

There is a Europe-wide team with representatives from each District looking at issues connected with GDPR. It is concerned not only with tools like easy-Speak but also tries to take a considered and consistent approach to all that surrounds GDPR, including the parties, connections, and responsibilities, and how tools like easy-Speak fit into that. This committee is also working with representatives from Toastmasters International, especially on legal matters.

Reach out to prm@district109.org for more information.

Supporting documents

While we await further details, please see the General Data Protection Regulation preparation document. The document outlines 12 steps to consider; please ensure that ALL club Presidents and VPEs have reviewed all the steps, with particular attention to the following:

  1. Awareness
  2. Information you hold
  3. Communicating privacy information
  4. Individuals’ rights
  5. Subject access requests
  6. Consent
  7. Data Breaches
  8. Data Protection Officers

If your club collects information about its guests and members, ensure the privacy notice supports the GDPR – see Examples of privacy notice.

GDPR in the various countries of our District

The European Union link to GDPR is available here.

If your club is in France, you might want to look at the info on the CNIL site on “RGPD.”

If your club is in Italy, you might want to look at the info on the “Garante per la Protezione dei dati personali” site.

GDPR may even affect clubs in Switzerland, which is not part of the EU, since those clubs use Easy-Speak and manage members’ personal data, and some of their members are European citizens.

If you want to contribute info and guides for other countries, please get in touch with our IT Manager at itm@district59.org.

This page will be updated once we receive further details.

(Thanks to our cousins at District 91 for the basis of this text and some links.)
