What you need to know about GDPR

With one month to go until the introduction of the General Data Protection Regulation (GDPR) the focus for many is rightly the local elections. The team at LDHQ is still working hard and we recognize the importance of breaking down the legislation into smaller chunks. So we have developed a short, three-step process for handling data:

Download, Use, Delete.

We have been mentioning our new mantra recently in training and comms, but it would probably help if we took some time to explain in a bit more detail.

In short, we are trying to describe the ideal journey of data through your computer or personal files. To clarify, below we are talking about Lib Dem data exported from systems on the soon to be released Approved Supplier list.

Download

All information we use should be coming from a limited number of sources. For example: Salesforce for members, Connect for canvassing and Nationbuilder, Prater Raines or other approved platforms for online email sign-ups.

All of the above provide safe storage for data at rest, which from a data security standpoint is important.

Before downloading anything make sure that you have identified opt-outs and unsubscribes. It may sound a bit simplistic but it’s hugely important to do so.

Use

When using information, there are a few things you need to keep in mind. Firstly, where did it come from and why was it collected. Data should only be used in accordance with the reason specified when first collected. We must respect where we have only gained consent to contact a person about a named campaign.

Secondly, think about who will be seeing the raw data, and whether you absolutely need to share it. For example, a printer obviously needs to see a list of names and addresses to produce a targeted mailing. However, the supporter delivering the same mailing not so much.

Where you must share data then make sure that any file is encrypted, sent by secure transfer or one of the approved cloud storage tools.

By keeping the pool of people accessing and using a data set to a minimum, the risk of a data breach is reduced proportionally.

Delete

Throughout the GDPR project so far we have stressed the importance of encryption as a last resort in storing data. Wherever possible the ideal remains not to store data in the first place.

Where there is data you cannot avoid storing on your computer, then the hard drive must be encrypted. Overall it is easier and safer to delete a file from your computer once finished with the data. The same is true to hardcopies.

Once you have finished entering data from a canvass session (for example) the best place for the sheet is in a shredder or secure disposal bin. In no terms should paper displaying any personal data be re-used, recycled whole or put in the rubbish.

Keeping the Lib Dem data you hold to a minimum reduces the risk of it being stolen, used in error or sent to someone it shouldn’t be.

From the start we’ve tried to make it clear that GDPR is going to mean big changes in the way the Party works. This remains the case. While there is more to being compliant with GDPR than Download, Use, Delete, it’s a pretty good place to start.

As a reminder there is a whole range of materials about GDPR on the Member’s Section of the Party website. Please check it out, along with the newly added Data Protection Manual which is being updated overtime ahead of 25th May 2018.

* Sanjay Samani and Richard Kember lead the GDPR Team in LDHQ.

Read more by or more about , or .
This entry was posted in Campaign Corner.
Advert

6 Comments

  • Laurence Cox 26th Apr '18 - 1:49pm

    It is good to see a posting on this subject. GDPR is changing the way we campaign and it is essential that Party members take notice of this. The one downside I have found is that we used to hold a good deal of data on electors when we used EARS (I was data officer in my local party then), but much of it seems to have disappeared in the transfer to Connect. I wasn’t aware of this until this year, not having been data officer for about four years, when it proved to be very difficult getting the requisite 10 signatures for the nomination papers in our ‘black hole’ wards. Having only a list of members and potential supporters and no access to the electoral register itself was far from ideal.

  • Tony Greaves 26th Apr '18 - 5:03pm

    And you all think that the Tories will not keep their detailed data on everyone in sight, for ever? (Also I may be dim but what is the point in collecting data if you then throw it away?)

  • Penny Hopkins 26th Apr '18 - 6:28pm

    When I download a list of members from Salesforce, the only way to identify any changes (or, occasionally, errors) is to compare it with a previous download, which I currently keep on my PC as a password-protected Excel file. Does this meet the new requirements?

  • @Penny – You raise an important query, as most of us will at times be handling personal data, which we may find useful to retain for a period of time.

    As one of the things missing from the GDPR awareness raising campaign has been the translation into everyday usage and thus making GDPR compliance more accessible to lay people, I would hope that Sanjay and Richard prepare a short information paper (or even a series) based around typical data usage scenarios within the party, of which your’s would seem to be typical (I assume you are a volunteer and working within a branch context and thus potentially using your own home computer – shared with other members of your household) and give some guidance on reasonable actions you should and can take to both protect and delete such data.

    Hence I think this would be more appropriate than me (and others) offering GDPR compliance advice here.

    Provided you are using at least Excel 2007 and preferably a more recent version that is still getting security updates, the password protection function I would say is sufficient, particularly when combined with a reasonable password to protect the data at rest on your computer. Hence I think you are generally looking good and showing a high degree of data awareness, but you really need Sanjay and/or Richard to advise before you mentally tick the “I’m okay” box.

  • Laurence Cox 28th Apr '18 - 7:36pm

    @Tony Greaves
    You are not throwing away the data you collect. If it is on voting history/canvassing it goes into Connect and if it is other information it goes into Nationbuilder. What Sanjay and Richard are saying is that you shouldn’t be keeping copies of the data independently of those kept by the Party on these databases. That way when someone demands from the Party all the records they hold on them they just have to print out what they have on Connect and Nationbuilder (and Salesforce if they happen to be a Party member). If you want to stir things, I suggest that you wait until after May 25th and then demand of your local Tory and Labour parties all the information they hold on you.

    @Penny Hopkins
    You really need to be using Office 2010/2013/2016 so that you can use file encryption. See: Add or remove a password to control access

    To set a password on your Word, Excel or PowerPoint file click File > Info > Protect Document > Encrypt with Password. You’ll be prompted to create a password, then to confirm it. After you’ve added a password to your file you’ll want to be sure to save the file to make sure the password takes effect.

    From: https://support.office.com/en-us/article/add-or-remove-protection-in-your-document-workbook-or-presentation-05084cc3-300d-4c1a-8416-38d3e37d6826

    The important distinction is between basic password protection and file encryption. If your version of Office doesn’t allow file encryption, or if you are using Home versions of Windows 7/8/10 that don’t have BitLocker, then it would be worth looking at something like 7-zip, which works like the older WinZip in creating a compressed file, but also allows you to encrypt it. You can find it at https://www.7-zip.org/

Post a Comment

Lib Dem Voice welcomes comments from everyone but we ask you to be polite, to be on topic and to be who you say you are. You can read our comments policy in full here. Please respect it and all readers of the site.

If you are a member of the party, you can have the Lib Dem Logo appear next to your comments to show this. You must be registered for our forum and can then login on this public site with the same username and password.

To have your photo next to your comment please signup your email address with Gravatar.

Your email is never published. Required fields are marked *

*
*
Please complete the name of this site, Liberal Democrat ...?

Advert



Recent Comments

    No recent comment found.