GDPR

[Mike J]

If you're in a situation where you're running a club with membership and membership expired at the end of March.   Is it still allowed to e-mail members?  Is there some sort of grace period?

[drossall]

GDPR works on principles rather than precise rules. One of those principles is that you're supposed to set out reasonable expectations, and then keep to them. So a key question would be whether you had said anything about your renewals process. For example, if you have a declared grace period, then reminding people to renew during that grace period would seem entirely reasonable.

In general, sending a final notice soon after an expiry seems to me to be reasonable, unless there's something about your specific terms of use or membership rules that would preclude it.

[Ham]

As per drossall. If you wanted to, you could add that if you don't have a response you will assume that they are no longer interested in remaining a member and their details will be removed from your systems in accordance with the club's data handling rules, and they will have no further comms.

[Mike J]

Thanks that makes a lot of sense.  We have a GDPR policy but this isn't specifically mentioned.

I've pestered members via the clubs fb group as membership expired on the 31st and they had the renewals 10 days before.

I'm not terribly sure what I'm doing with the club secretary stuff but the other one wanted to give it up and has since left the club so I can't ask them.

 

[Ham]

Thanks that makes a lot of sense.  We have a GDPR policy but this isn't specifically mentioned.

I've pestered members via the clubs fb group as membership expired on the 31st and they had the renewals 10 days before.

I'm not terribly sure what I'm doing with the club secretary stuff but the other one wanted to give it up and has since left the club so I can't ask them.

Many people do not facebook.

[ian]

Membership is somewhat irrelevant, it's really the expectation of what they've signed up for (post GDPR they would need to specifically opt into continued communication). There's no reason you can't continue to mail them post-membership, but you'd need a reasonable case and you should take the opportunity to ask them to opt into receiving future messages.

[drossall]

In the context of membership, I think that one of the key things to remember is that there are six "bases for processing", of which consent is only one. The ICO have at times suggested that consent should only be used where other bases do not apply. Certainly that's true for membership - if people join, you have a duty to store their data (safely) and contact them about membership matters, including for example AGMs and renewals. You could, I suppose, call that legitimate interest in GDPR terms. So don't ask for consent as such for processing, or for them to opt in, for such mailings.

They have a right to ask you to stop processing their data, but I don't really see how they can do that without also resigning. As ever, you should make clear what you will do when they first sign up.

Consent probably would apply to optional extras, such as promoting club events, sales of club clothing, or whatever. Although, in a small club of 30 people, who all know each other face to face, and usually hand over membership correspondence at the weekly meeting, this can all get rather over-kill in my view!

[Mike J]

It can get overkill but I’m glad I looked at it as membership lapses on the 1st May but this was not mentioned on the application form, so at least I have managed to update and clarify this to everyone.