The Welsh Beekeepers’ Association
Issue: 3 Date: 11th June 2019 Next review due: June 2021
Changes since last issue: Rewording of Section 6.5 to require data retention for 10 years.
Written by: David Kennedy Approved by: John Bowles
1. General Statement of the WBKA’s responsibility
WBKA is required to process relevant personal data so that it can deliver services to its members, and shall take all reasonable steps to do so in accordance with this Policy.
2. Membership Data Controller
The WBKA Membership Secretary is the Membership Data Controller, who will endeavour to ensure that all personal data is processed in compliance with this Policy and the Principles of the Data Protection Act 1998 and the EU General Data Protection Regulation (GDPR) which is applicable from 25th May 2018.
3. The Principles
The WBKA shall so far as is reasonably practicable comply with the Data Protection Principles (the Principles) contained in the Data Protection Act and GDPR to ensure all member information is:-
• Fairly and lawfully processed
• Processed for a lawful purpose
• Adequate, relevant and not excessive
• Accurate and up to date
• Not kept for longer than necessary
• Processed in accordance with the data subject’s rights
• Not transferred to other parties without adequate protection
4. Member information
WBKA receives and processes some or all of the following personal information about each of its Association, Individual and Honorary members:
Name, postal address, email address and telephone number
This information is supplied in electronic form by the Membership Secretaries of Welsh Beekeeping Associations and in electronic or paper form by Individual Members.
5. Supply of information to other parties
To enable services to be delivered to its members, WBKA sends member information:
– for Individual Members, to Bee Disease Insurance Ltd for insurance services
– for all Members, to the printer of the Welsh Beekeeper magazine for its postal distribution list
The contact details of those members who are Association delegates and officers are shared within WBKA for management purposes.
Member information held by WBKA may be sent to their Association’s Membership Secretary for validation purposes.
No information shall be supplied to any other parties without the Member’s prior consent.
6 Data Security, Storage and Retention
WBKA will take appropriate technical and organisational steps to ensure the security of personal data. WBKA will ensure that appropriate protection and security measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to all personal data.
An appropriate level of data security will be deployed for the type of data and the data processing being performed. The following specific requirements shall be met:
6.1 The computer(s) which hold membership records (i.e. the WBKA membership database and all files received from and sent to WBKA area Associations) shall have password protection and shall have up to date firewall and anti-virus software
6.2 The membership database (currently a Microsoft Access file) shall be encrypted so that anyone receiving a copy of the database cannot read the contents unless they also have the password
6.3 A backup copy of the membership database shall be made at least once a month, and preferably each time the database is changed
6.4 Routine backups shall be made on solid state disks, CDs or memory sticks and stored in a separate location (i.e. a different address) or with a secure cloud storage service. The backup media or cloud storage account shall be used solely for WBKA membership records and shall not contain any personal files. If a secure cloud storage service is used, routine backups shall also be kept.
6.5 A new database shall be set up at the beginning of each calendar year, and the previous year’s membership data shall be securely archived. Archives shall be kept for 10 years so that WBKA can if necessary confirm who has been covered by their annual Product and Public Liability Insurance Policies.
6.6 Member information shall be encrypted, password protected or shared using a secure cloud storage service when sent to other parties, including the member’s own Association. Secure online access to the BDI database and FTP transfer of Welsh Beekeeper postal lists meet this requirement.
WBKA shall endeavour to ensure that all personal data held in relation to its members is accurate.
8. Rights of Access to Information
Members have the right of access to information held by WBKA, subject to the provisions of the Data Protection Act 1998 and the Freedom of Information Act 2000. Any member wishing to access their personal data should put their request to the Membership Data Controller, email address firstname.lastname@example.org. WBKA will respond to any such requests as soon as is reasonably practicable, and in any event within 30 days.
9. Relevant documents
The following documents are relevant to the implementation of this Policy:
WBKA Membership Secretary Job Description
WBKA Individual Membership Application Form (Paper and Electronic versions)
Completed Association and Individual Membership Application Forms
The contract between WBKA and the printer of the Welsh Beekeeper magazine (currently Stephens & George Print Group)