Nobbut Torver‎ > ‎


General Data Protection Regulations (GDPR) 
and the Nobbut Torver Email Service. 

GDPR is an EU regulation that came into force on 25th May 2018 to replace the Data Protection Act (DTA).
It imposes very much stricter controls on the holding of people's personal data including the operation of email lists by companies and other organisations.

I have been looking into GDPR as it relates to the Nobbut Torver Email News Service.

In general, if you keep an email list of members you are obliged under GDPR not only to ensure that all your members have opted in to your list, but to keep a record of their permissions. Everyone on the Nobbut list opted in because that's my golden rule - only on the list by personal application, but of course I no longer have their requests having deleted them years ago.

My first discovery:

GDPR does not apply to people processing personal data in the course of exclusively personal or household activity.
To fall within the remit of the GDPR, the processing has to be part of an "enterprise".
Article 4(18) of the Regulation (link below) defines this as any legal entity that’s engaged in economic activity.
You must be careful not to mistake business conducted from home for household activity.

This is the Nobbut's first let out since it does not engage in economic activity, membership being free and no commercial advertising goes out on the Nobbut.
I also hold no personal data other than your email addresses.

And then:

Article 30 (5) of the Regulation states that organisations with fewer than 250 employees are not required to maintain a record of processing activities under its responsibility, unless “the processing it carries out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data or personal data relating to criminal convictions and offences”.

Well, there's only me and I'm not technically an employee since I'm not paid, and the rest doesn't seem to apply - I have nothing on any of you that risks your rights and freedoms and I have no knowledge of your criminal records.  But there is still some doubt here if economic activity is involved - collecting money or selling products, neither of which I do.  You'll need to check.

So, I think it's safe to assume that the Nobbut is exempt from the new regulations, but if you're involved in a charitable organisation please don't take my word for it, I'm not offering advice here, just relating my research and how I plan to act for the Nobbut.  Businesses must certainly seek professional advice.

If you have the patience to plough through 88 pages and 99 articles here's the beast:   General Data Protection Regulation.