Hello, I am new to this group so this subject may have been covered
previously. However, I would appreciate advice.
I have drawn up Data Protection notices for our relevant forms for the
collecting of new personal data. However, I am trying to work out a
strategy for obtaining consent from existing "customers" on our database for
the continued processing to comply with the Act. My organisation is a
membership organisation, so much of the personal data is regarding our
members and is on-going.
I have thought about distributing notices by mail shot, or putting an entry
in members magazine, but that would not be obtaining consent. Alternatively
we could send out forms to be signed and returned. But what can we do about
non-returns which is not heavy handed and against our members interests?
What are other organisation's doing about processing existing personal data?
Your comments would be appreciated.
Jonathan Hodgetts
Information Security Manager
MCPS-PRS Alliance
The information transmitted is intended only for the person or entity to which it is
addressed and may contain confidential and/or privileged material.
Any use (including retransmission or copying) of this information by persons or
entities other than the intended recipient is prohibited. If you are not the intended
recipient of this transmission, please contact the sender and delete the material
from any computer. The sender is not responsible for the completeness or accuracy
of this communication as it has been transmitted over a public network.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|