Hi
Following on from what Jon said, it also depends on what you mean by stakeholders and why you are contacting them.
Consent and opt-in is used for resident newsletters or marketing services and the definition of marketing does cover 'aims and ideals' which can catch public sector work. I'd have thought it would be reasonable to take a business card handed to a staff member, then email them to say something like "you have expressed an interest in our work/project name/London Legacy work and we have added you to [insert name] mailing list. If you no longer wish to receive etc etc". You could also ask staff to say this to people when cards are handed over. Your lawful basis is then the condition that covers the work for which you are using the stakeholder list.
IMO there are legitimate reasons for running stakeholder lists without consent and opt-in though, for things like statutory consultation. For example, searching for contact details for people for planning authority consultations, where we need to show that relevant groups have been consulted with. So we'll look for chairs of resident associations, allotments groups that sort of thing. We provide a privacy notice of where we got their information and why, and we run an opt-out list. But this wouldn't be acceptable for marketing as your recent seminar noted.
I would not consider sharing the list unless you have made that explicitly clear to all individuals on the list. In which case, you may as well publish it online.
Victoria Blyth
Information Strategy Manager
Information Management Team
London Borough of Barnet, North London Business Park, Oakleigh Road South, London N11 1NP
Tel: 020 8359 2015
please consider the environment - do you really need to print this email?
Advance notice of leave 29 July – 16 August
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Danny Budzak
Sent: 11 June 2019 09:11
To: [log in to unmask]
Subject: [data-protection] Stakeholders data
Hi all,
(firstly, thanks very much for comments on digital footprint -very helpful).
A.N.other question...
Like many organisations, we have a list of stakeholders. These include local MPs, councillors, universities and colleges, local authority Chief Execs and so on.
1. I am in the process of reviewing a privacy notice for this list. There seems to be a bit of a grey area here where someone exchanges a business card, and ...there is an expectation (by the recipient, a member of staff) that the person wants to be added to the mailing list. I say grey area because some argue that organisations can use legitimate interest for stakeholder's lists. I suspect the risk of someone complaining is very low, but I still want to make sure we have lawful basis and that the stakeholder database is GDPR compliant.
2. We have been asked by one of our stakeholder's if we will share this list. My inclination is no. If we say yes to one stakeholder, then why don't we share the list with other stakeholders?
3. I went to an interesting seminar just before May 2018 (which was largely entertainment sector - theatres and so on). I seem to remember a discussion there that it was not legitimate to trawl the internet for i) possible donors and ii) to identify potential stakeholders and then start emailing them - even though this data is in the public domain.
I feel like I am getting a bit lost inside this, but like many of you, I am the sole data protection person in the organisation so when questions arise this forum is incredibly useful
thanks + rgds
Danny
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This email and any attachments to it are intended solely for the individual to whom it is addressed. It may contain sensitive or confidential material and should be handled accordingly. However, it is recognised that, as an intended recipient of this email, you may wish to share it with those who have a legitimate interest in the contents.
If you have received this email in error and you are not the intended recipient you must not disclose, distribute, copy or print any of the information contained or attached within it, all copies must be deleted from your system. Please notify the sender immediately.
Whilst we take reasonable steps to identify software viruses, any attachments to this email may contain viruses which our anti-virus software has failed to identify. No liability can be accepted, and you should therefore carry out your own anti-virus checks before opening any documents.
Please note: Information contained in this e-mail may be subject to public disclosure under the Freedom of Information Act 2000 or the Environmental Information Regulations 2004.
This message has been scanned by Exchange Online Protection.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|