The Scottish Genealogy Network's CPD day took place in Edinburgh at the Quaker Meeting House on 27 March 2019.
 |
| Quaker Meeting House (Courtesy of Kate Keter) |
Here is a short blog post with information on the day written by new member Susan Paterson:
Tim Musson from Computer Law Training Ltd attended and
instructed us on a session regarding General Data Protection Regulation (GDPR)
& Genealogy. He provided a hard copy of the slides alongside. GDPR applies to anything you do with Data including storage relating to an identified or identifiable natural person.
Natural being ‘living’.
Some key points; precise information is still very unclear
and where it’s not clear how to interpret the regulation, make a documented decision using a 360° view. As long as a reasonable effort is made
its unlikely to find yourself in trouble.
Tim strongly recommended downloading an app and uses ‘DLA Piper’ and ‘Fieldfisher’(both legal
firms) himself where all articles the law is divided into can be accessed. In order to process personal data, you must
have one of; a legal basis where consent
is given, necessary of the performance of a contract or compliance with a legal
obligation and necessary to protect the vital interest of the data subject.
There are others which can be read in full on the app in articles 6 and 7.
If working with live people on your research, you should
register with ICO as £40 annually. Possibility of being fined if you do not.
Gmail is not considered GDPR compliant and free email
services are generally not secure - use other means to secure information being
sent too such as encryption.
Recommend to do (and record) data audit and review any
contracts.
Privacy policy on your website must have a reference to GDPR/data
protection and keep a folder with documents showing compliance. Training can be found at:
Tim’s’ general advice on managing live persons - do not pass
information of living persons to a client, you may pass the client's data to
the person, using legitimate interest as the legal basis for processing the
person's data as it is clearly a legitimate interest of yours to make this
contact as it is part of your job. As it
is you contacting, and not the client, any risk to the rights and freedoms of
the person is minimal, so legitimate interest wins. Must be noted in the
contract.
In the afternoon we discussed several ethical issues such as
the use of images from Ancestry etc; re-using research with a later client, DNA
testing and membership of professional groups. Heritage tourism also came up as
two group members were attending a meeting at parliament in the evening.
I'll keep up the good work JL676A and hopefully provide more informative.
ReplyDelete