Saturday 11 May 2019

On the Right Side CPD Day

The Scottish Genealogy Network's CPD day took place in Edinburgh at the Quaker Meeting House on 27 March 2019.

Quaker Meeting House (Courtesy of Kate Keter)

Here is a short blog post with information on the day written by new member Susan Paterson:

Tim Musson from Computer Law Training Ltd attended and instructed us on a session regarding General Data Protection Regulation (GDPR) & Genealogy. He provided a hard copy of the slides alongside.  GDPR applies to anything you do with Data including storage relating to an identified or identifiable natural person. Natural being ‘living’.

Some key points; precise information is still very unclear and where it’s not clear how to interpret the regulation, make a documented decision using a 360° view. As long as a reasonable effort is made its unlikely to find yourself in trouble.  Tim strongly recommended downloading an app and uses ‘DLA Piper’ and ‘Fieldfisher’(both legal firms) himself where all articles the law is divided into can be accessed.  In order to process personal data, you must have one of;  a legal basis where consent is given, necessary of the performance of a contract or compliance with a legal obligation and necessary to protect the vital interest of the data subject. There are others which can be read in full on the app in articles 6 and 7.

If working with live people on your research, you should register with ICO as £40 annually. Possibility of being fined if you do not.

Gmail is not considered GDPR compliant and free email services are generally not secure - use other means to secure information being sent too such as encryption. 

Recommend to do (and record) data audit and review any contracts.

Privacy policy on your website must have a reference to GDPR/data protection and keep a folder with documents showing compliance.  Training can be found at:

Tim’s’ general advice on managing live persons - do not pass information of living persons to a client, you may pass the client's data to the person, using legitimate interest as the legal basis for processing the person's data as it is clearly a legitimate interest of yours to make this contact as it is part of your job.  As it is you contacting, and not the client, any risk to the rights and freedoms of the person is minimal, so legitimate interest wins. Must be noted in the contract.

In the afternoon we discussed several ethical issues such as the use of images from Ancestry etc; re-using research with a later client, DNA testing and membership of professional groups. Heritage tourism also came up as two group members were attending a meeting at parliament in the evening.

1 comment:

  1. I'll keep up the good work JL676A and hopefully provide more informative.