Your committee will be in charge of maintaining an up-to-date membership list of your Club/Society. For every member, this should include:
Confirmation of whether they are a Student Member or an Associate (non-Queen's student) Member
Student number, where applicable
Confirmation of whether or not they are aged 18+. This should be recorded as Yes/No rather than as a date of birth.
For example, you should record the following information for each member:
Club/Society: Debating Society
Name: Joan Smith
Student ID: 12345678
Aged 18+?: Yes
Only collect personal details if you need them. All the SU requires from your membership list are the details above - nothing else.
You can find more guidance on maintaining your membership list here.
Whatever data you collect, you must use it in a responsible way and keep it safe and secure at all times. The current legislation on data protection (General Data Protection Regulation or GDPR) carries very severe penalties for data breaches.
What is GDPR?
GDPR is a set of principles and regulations which govern how personal data should be collected, stored, and used. You must be extremely careful when handling any personal data and ensure that you are meeting the standards laid out under GDPR.
The key principles are:
1. Lawfulness, fairness and transparency - all personal data should be processed lawfully, fairly, and in a transparent manner
2. Purpose limitation - personal data must be collected for specified, explicit purposes, and should not be used for any other reason
3. Data minimisation - you should only collect the personal data which is relevant and necessary for your purpose
4. Accuracy - every step should be taken to ensure personal data is correct and up to date
5. Storage limitation - personal data is only kept for as long as it is needed
6. Integrity and confidentiality - personal data should always be kept safe and secure
7. Accountability - the controller of the data takes responsibility for complying with the six principles above
You can read more on GDPR on the Information Commissioner's Office website here.
Protect personal data held electronically:
Encrypt or password protect any files which contain personal data of your members.
Save personal data in secure areas.
Regularly change the passwords on devices that hold personal data.
Protect personal data sent via email:
When emailing more than one person, always use BCC (Blind Copy). This hides the list of recipients and their details when the email is sent.
Double-check you have attached the correct file before sending an email. Make sure the file is password protected.
Contact recipients in a separate email to provide the password to a password protected file.
Start a new email each time rather than replying to a thread.
Protect personal data being sent in the post:
Send documents to a specific named person rather than to a department or team.
Check the address you are using is up to date.
Always mark the document “Strictly Private and Confidential”.
Write the return address on the back of the envelope.
Protect personal data during telephone conversations by:
Where possible, asking the individual to submit their request in writing via their organisation’s email system or on company headed paper.
Identifying the person clearly at the start of the conversation.
Refusing to give out the personal data of any other person unless they have provided you with their explicit written consent.
Taking phone calls in private areas.
For more information on GDPR and to view the data protection policy of Queen’s University Belfast, please click here.
For any other queries contact firstname.lastname@example.org or the Clubs and Societies team.