Gilmore Radio Club is a newly formed amateur radio club formed in November 2021 by a group of four amateur radio enthusiasts who came together to form a friendly radio club.
Policies and Procedures
Awareness : Under the new legislation that came into place on May 25, 2018, Gilmore Radio Club (GRC) have been made aware of the change, the date the change took place and the implications of not complying with the law over the GDPR. This document should cover the steps that have been taken and the policies and procedures that have been put in place.
Information we hold : Gilmore Radio Club holds a limited amount of personal data about members of the Club. The data we hold on record are members names, addresses, telephone numbers, email addresses and date of birth. This information is provided via a membership form that the potential new member completes when they wish to join Gilmore Radio Club. Data that is processed by Gilmore Radio Club is compiled from potential new members of the Club. Gilmore Radio Club does NOT share the full membership database outside of the club.
The data that Gilmore Radio Club hold is for the sole purpose of
Membership – this information is used to keep an accurate record of the membership of Gilmore Radio Club. This enables us to assess the length of time they have been with the Club, and for us to send them emails about what is happening within the club. Upon becoming a member, they are asked to complete a membership form with their details on, and also that they agree for their details (picture, first name and callsign) to be put onto the website.
Our Privacy report has been worded and updated.
Individual rights : Our membership list is available as an xlsx file which is password encrypted. Any member that requests to see their data would be sent their line, on email, either in xlsx format or as a pdf. If a member requests us to remove any of their details that we hold on record, this is
actioned within 48 hours of receiving the request and then confirmation is sent to that member on email to confirm the request.
Subject access requests : If you request access to your data, we would action this within 48 hours of receiving the request, unless there were circumstances where the DPO (Data Protection Officer) was unavailable i.e. holidays, sickness etc., in which case the member would be informed accordingly, and the request would be actioned as soon as they returned to their position. If a request is made in writing via the post, then we would action as above, although could be up to two weeks from when it was received at our headquarters due to the dates of our meetings. If you were requesting to see what data we held on file, we would access the mailing list, and send the full line from the spreadsheet for that person or company to see. If they then requested that the information be removed, we would follow the procedure listed in the ‘individual rights’ section of the booklet.
We would not query why this request had taken place.
Lawful basis for processing personal data : All the data that has been provided to Gilmore Radio Club by a member, new or existing. We have not knowingly gathered information unlawfully.
Our privacy notice has been updated to comply with the new regulations as specified in the GDPR.
Consent : As stated above in Lawful Basis, all our data has been acquired by a member completing a membership form.
Children : If a person under the age of 16 wishes to join Gilmore Radio Club , they are requested to get parental consent (from a parent or guardian) who needs to come to our headquarters with that person and speak to a member of the Management Team. They will be required to complete a membership form and sign in front of one of the above, and then the form will be countersigned in front of the parent or guardian.
Data breach : Gilmore Radio Club have taken great care to ensure that we do not breach any aspect of data protection with the membership of the Club. If we receive a notification of a breach of data (i.e. that the company or person did not request to be on our mailing list), we would request that the DPO (Data Protection Officer) contact them as soon as possible to apologise for any inconvenience, and give that person an explanation of how we received their data, and the procedure in place to ensure that this person is unsubscribed from the membership list.
Data protection by design and data protection impact assessment : The data that is held on our membership list is not high risk. The data contains the following information, name, address, telephone number and email address, and date of birth. We use the data we hold to keep the membership informed. We do not use our data for marketing purposes.
Data Protection Officer : Gilmore Radio Club has requested that the above position to be allocated to the Membership Secretary. He will be responsible for managing the data that we use, and will be solely responsible for the membership file. Alongside the Data Protection Officer will be the Club Secretary. No other member of the Gilmore Radio Club Management Team will have access to data.
Secretary/Media Manager – She will be responsible for the managing of the information that is provided by the DPO (Data Protection Officer)/Membership Secretary for website processing, and for processing the club newsletter that is sent out on email. The data is stored on a cloud based system and used on two individual personal pc’s only. This data is used from the cloud whilst updates are taking place.
As a small voluntary Club, this structure has been agreed between the Management Team of four members. We do not think we need to designate a Data Protection Officer, but to comply with the GDPR, the Membership Secretary is happy to take this role on.
Gilmore Radio Club Management Team are aware of the policies and procedures in place. These will be reviewed quarterly at the Committee meetings.
International : Should Gilmore Radio Club have members outside of the United Kingdom, their data will be stored in a secure format.
IT Security : As part of our policy and procedures, Gilmore Radio Club has taken the following steps to ensure that the data we hold is secure.
Assessing the threats and risks to business
As listed above, in order to promote our Society, we hold a very small amount of data as listed in the sections above. None of the data we hold has any financial implications to the person listed on the membership list.
Cyber essentials : To ensure the minimum possible breach of security we only use three PC’s for any membership or course listings.
System configuration/firewalls and gateways : All the computer systems that we use have business anti-virus software installed which is controlled by an external IT company who monitors the risk of virus’s and trojan attacks, and update the software accordingly.
Access controls : On the PC’s that we use, we have restricted access to the person only that owns that PC. The systems require a password to access the system, which is changed on a monthly basis. All personal broadband accounts have encrypted passwords to secure the systems. Should a Management Team member resign from Gilmore Radio Club or should they be absent for a long period of time, all access rights and password would be cancelled.
Malware protection : On the PC Systems used by the volunteering member of the Club, they have been installed with business anti-virus software and malware protection which is monitored by an external IT Company. All updates for both systems are set to automatic.
Patch management and system software updates : The PC’s that are used by the volunteers of Gilmore Radio Club are all running a Windows 10 system, or a later system with all software updates on automatic.
Securing data on the move : We have taken all steps possible to ensure that the data we store is secure. Gilmore Radio Club have agreed that the data will only be stored in the cloud for general use and not on the system using the data. No portable hard drive or usb device will be used for transportation of the data.
As the broadband system used by the two volunteers have been confirmed and are password encrypted, we will not allow any external untrusted device to connect to the network. In the case of another person bringing in a computer to use on the network, they must have anti-virus software installed to ensure that we lessen the risk of a potential threat or trojan attack.
Securing your data in the cloud : All the data we hold is stored on a spreadsheet in a xlxs format, and is password protected. The file is then zipped and stored in the cloud. The cloud based system we use is a well known national company which has a base in the United Kingdom.
Backup your data : Gilmore Radio Club has taken every care to ensure that the data we hold is backed up after every use and restored in the cloud. All antivirus software and malware software are run on a weekly basis to ensure the safety of the data. An external backup of the data will be done on a monthly basis by using the cloud and not transferred data ‘on the move’. This will be done by backing up the data at an external place and storing the data in a secure locked safe at the premises where the backup took place ie the volunteers home.
Training : All members of the Management Team of Gilmore Radio Club have either been trained from an external IT company on the potential risks of a cyber attack on their systems, or are already trained through their place of work. Ie Do not open an attachment if you are unsure about it. Do not open emails from large Corporate companies such as banks, HMRC, DVLA, HMCS etc. We are regularly informed of any potential risk or threat by our IT company and what steps to take should the threat happen.
Checking for problems : As part of the ‘housekeeping’ Gilmore Radio Club regularly check to ensure that all the software installed on the systems is up-to-date and running correctly. Any potential risk or threat that is shown on either the anti-virus or malware software is actioned immediately and either quarantined or destroyed through the various software. The software is then run again to ensure that the risk or threat has been removed.
Know what you are doing : Gilmore Radio Club regularly check the data that we hold to ensure that it is safe and virus free. All security software installed on the pc which uses the data is bought from a reputable certified supplier and is legitimate. Software is continuously checked to ensure that it is up to date. As a small Club we regularly check the computers to ensure that they are working correctly and the system software is up to date.
Minimise your data : The data we store is used regularly throughout the year for the promotion of the running of the Club. No data is stored on the computer that is not needed.
Is your IT contractor doing what they should? The IT for Gilmore Radio Club is outsourced to an external IT contractor. The contractor is based locally and our Secretary has regular contact with the contractor. As we run a stand-alone system and are not running through a server, we do not have access to security assessments. There is a system in place called ‘Managed Workplace’ which allows our IT contractor to access our systems remotely and securely to access the anti-virus/malware software we have. This does not allow them access to the main frame of the system so the files are still secure