Your committee will be in charge of submitting an up-to-date membership list of your Club / Society to the SU when requested. For every member, this should include:
Student ID number for any Student Members
Email address for any Associate Members (i.e. any members who are not currently registered students at Queen's)
For example, you should record the following information for each member:
Club/Society: Debating Society
Name: Joan Smith
Student ID: 12345678
Only collect personal details if you need them. All the SU requires from your membership list are the details above - nothing else.
You can find more guidance on maintaining your membership list here.
Whatever data you collect, you must use it in a responsible way and keep it safe and secure at all times. The current legislation on data protection (General Data Protection Regulation or GDPR) carries very severe penalties for data breaches.
What is GDPR?
GDPR is a set of principles and regulations which legislate how personal data should be collected, stored, and used. You must be extremely careful when handling any personal data and ensure that you are meeting the standards laid out under GDPR.
The key principles are:
1. Lawfulness, fairness and transparency - all personal data should be processed lawfully, fairly, and in a transparent manner
2. Purpose limitation - personal data must be collected for specified, explicit purposes, and should not be used for any other reason
3. Data minimisation - you should only collect the personal data which is relevant and necessary for your purpose
4. Accuracy - every step is taken to ensure personal data is correct and up-to-date
5. Storage limitation - personal data is only kept for as long as it is needed
6. Integrity and confidentiality - personal data should always be kept safe and secure
7. Accountability - the controller of the data takes responsibility for complying with the six principles above
Protect personal data held electronically:
Encrypt or password protect any files which contain personal data of your members.
Save personal data in secure areas.
Change passwords to devices that hold personal data regularly.
Protect personal data sent via email:
When emailing more than one person always use BCC (Blind Copy). This hides the list of recipients and their details when the email is sent.
Double check you have attached the correct file before sending an email. Make sure the file is password protected.
Use a generic password for all Club / Society files and only share this as needed. For small groups of recipients, you could call them after sending the email to share the password. For larger groups where calling is less convenient, you could use a platform like a SharePoint from to store the password.
Be aware that email chains may contain personal / sensitive data in previous correspondences. Make sure to read through the thread and redact information as necessary.
If the data is sensitive in nature and / or if there's a large volume of it, then it may be that email is not the best medium to transfer the data.
Protect personal data being sent in the post:
Send documents to a specific named person rather than to a department or team.
Check the address you are using is up to date.
Always mark the document using “Strictly Private and Confidential”
Write the return address on the back of the envelope.
Protect personal data during telephone conversations by:
Where possible, asking the individual to submit their request in writing via their organisation’s email system or on company headed paper.
Identifying the person clearly at the start of the conversation.
Refusing to give out the personal data of any other person unless they have provided you with their explicit written consent.
Taking phone calls in private areas.
For more information on GDPR and to view the data protection policy of Queen’s University Belfast, please click here.
For any other queries contact firstname.lastname@example.org or the Clubs and Societies team.