data is any information relating to an individual, whether it
relates to his or her private, professional or public life. It can
be anything from a name, a home address, a photo, an email address,
bank details, posts on social networking websites, medical
information, or a computer's IP address. The watchwords are
"Data protection by design and by default."
film&video - the magazine of BDFA (the German national organisation “Bundesverband Deutscher Film-Autoren e.V.”) - published very useful information about the European regulations for data protection. With permission we use that information as the basis for these notes. We have modified and edited the advice to make this of broader interest and remove items specific to Germany. Thanks to Marcus Siebler, Klaus Piotrowski, Jürgen Liebenstein and film&video editor Tobias Kessler for the original material. BDFA members should refer to www.bdfa.de for advice specific to Germany.
The data protection basic regulation (GDPR) of the European Union, which came into force on May 25, 2018, challenges small groups and clubs to handle difficult tasks. There is a jungle of information about data privacy that we currently encounter on Internet forums, magazine articles and unreliable word-of-mouth. Take your time. Study the following information and examine the information tool (mostly in the German language) for handling GDPR on the Internet. This tool was developed by Jürgen Liebenstein (www.runamind.de), and is constantly updated and tailored to our needs. Make sure that you quickly implement the most important points.
Nobody can currently foresee how the new legislation will really affect us, nor how it will be interpreted by courts in the future. Many groups, which already function at the limits of their capacity, are now faced with significant worries. At the moment all that remains is to find one's way through the confusing tangle of legal texts and associated opinions to the best of one's ability.
I would advise you to do that resolutely, but without panic. Keep calm, implement our recommendations, show that you have the topic "on screen", but don't believe anyone and everyone who thinks they have heard this or that. Above all, don't let people talk you into believing that you shouldn't film or photograph people in the future under any circumstances. Certainly, things will change, but some of these changes will happen for sensible reasons.
- yours Marcus Siebler (BDFA President)
Note: The law of Germany and some other countries requires an “Impressum” for websites that are more than purely personal/family ones. That is a page which lists the name or names and contact address for those responsible for the website. Such pages must be urgently updated to suit GDPR requirements.
Let us start with a little light relief. Admittedly, there are more enjoyable books to read than this new body of legislation, which many see as a monster causing unrest and panic among companies, institutions and associations. Those who take a little time and delve a little deeper into this maze of information will quickly realise that the GDPR is not simply a list of clear prohibitions that teaches us what is now permitted and what is not. It is much more (or perhaps even less!).
We all love clear guidelines. We learn from childhood: you must stop on red, you may go on green. In the GDPR, statements of such clarity are rarely found. Much of it is a matter of interpretation. Many things concerning the storage and processing of personal data will still be permitted in the future if they have a purpose. It is precisely this which is at the core of the GDPR. We must no longer store and archive personal data for no – or only flimsy – reasons. We must always ask ourselves whether, and in what form, we really need it.
The GDPR, for example, asks us if we still need the data of Karl Huber (fictitious name), who left our film club in 1995, but who is still on an Excel spreadsheet on our computer with his name, address, date of birth, e-mail address and account number.
The GDPR also makes us ask whether the Chairman, the Treasurer, the Equipment Keeper, the Secretary, the Summer Party Chairperson and all club members really need the same list with the addresses of all club members anyway, or whether it would be safer to manage sensitive data centrally and only release it for a specific purpose, if and when required.
So far as the question of what club records should be deleted in the future is concerned, I think we can apply the standards of domestic tidying. For things that we have not needed even once in the last two years, the question automatically arises: should we continue to store it or finally put it in the rubbish bin?
The GDPR will probably not provide us with very clear regulations, to the disappointment of those people who think they know everything precisely at the moment. In the future we will be challenged much more to think for ourselves about our handling of data, and to make sensible decisions, even if this is considerably less convenient than the red and green signs of a traffic light.
The GDPR is nothing other than the right for each of us to be forgotten in an age when everything is stored in bits and bytes.
The discussion about how to handle our data, how to deal with it, how to make sure that we are aware of it – these are the positive aspects of this new GDPR, even if formal implementation then costs committee members time and energy … as volunteers in this hobby have nothing else to do!
– Marcus Siebler