General Data Protection Regulation (GDPR) - Statement of Intent

Brethren, on May 25th 2018 a new regulation regarding the use of personal information comes into force – The General Data Protection Regulation, or GDPR. This is an update to the current Data Protection Act and brings in sweeping changes that will apply consistently across all Europe.

The purpose of the regulation is to ensure that all personal data - data which can be used to identify an individual such as; Name, Phone Number, E-Mail Address, Home Address, Date of Birth and photographs are used correctly and safely and are effectively managed in accordance with your wishes as an individual.

The Mark Province of East Anglia takes the security of your information very seriously and is working to ensure full compliance with the new regulations. This will require some changes to the way we currently manage information. Some of these changes will impact on those with a responsibility for collating and managing data such as our Provincial and Lodge Secretaries, while other changes will have an effect on us all. Previously, agreement to use personal information could be managed using the principle of Opt-Out. If you didn’t specifically state that you were not happy to have your data used in a particular way your approval was assumed. One of the main changes GDPR brings is that this is no longer acceptable. Your approval to use your personal information must be explicit and must be given against each document type in which it is used.

To lead our response to GDPR, I have asked our Assistant PGM. W. Bro. Tim Ridley to take the role of Data Protection Officer for the Province. Tim will ensure that all our information requirements are identified, understood and documented to demonstrate our compliance with the new Regulations.

We have established this area of our public website specifically to update you on all we are doing to progress our work to keep your information safe. We will also give you regular updates via your Lodge Secretary.

The first action we will undertake will be a full audit of our use of personal information. This will document what information is gathered, where, by whom and for what purpose. It will identify precisely how that information is stored and used and how it is kept secure and destroyed when finished with.

We will also review our procedures to ensure that we do not share personal information without the individual’s consent.

Brethren, these changes are going to impact us all, please ensure that you do all that is necessary to support this work and in particular, if you have a responsibility for managing any of our member’s personal information please keep up to date with the progress of this project and review and update your methods of working to comply with the requirements of the new regulations.

I ask that you do not undertake any actions until instructions are issued via the Province to ensure that we demonstrate a consistent approach to our response to compliance with GDPR. Regular updates will be issued via Lodge Secretaries and this web site.

Download this statement (pdf; 332KB): 

Grand Lodge Statement, 1 August 2018: