GDPR type question

UKBouldering.com

Help Support UKBouldering.com:

Simon Lee

insect overlord #1
Joined
Mar 16, 2005
Messages
8,792
Location
The Former Peoples Republic of South Yorkshire
Hopefully most aware that I’ve been running a petition on Change.org to have the BMC include a couple of resolutions at the AGM.

I’ve fallen foul of trying to validate a lot of the signatories being BMC members so trying to reach unverified signatories and ask them to email me signatories.

I had a post swiftly pulled on UKC that read:


Does anyone know these climbers?

If so can you please contact them and email me their BMC member numbers to [email protected] so I can have their petition signature validated by the BMC Office. The deadline is Saturday 27th.

I then listed the names of 200 or so unverified signatories.

The petition and support of resolutions isn’t a private matter so did I do anything perceptually or actually wrong?
 
No expert, but I suspect you are functioning as a data processor under GDPR and the individuals have not given specific consent for their identities as signatories to be published.
https://commission.europa.eu/law/law-topic/data-protection/reform/rules-business-and-organisations/obligations/controllerprocessor/what-data-controller-or-data-processor_en
 
Well, I signed and then realised I wasn't a BMC member so didn't follow up. You can remove me from the list if that helps. I'm sure you figure out who I am...
 
I do GDPR stuff for lattice. Mr J is basically correct. One of the guiding principles of GDPR is that you clearly communicate the purpose for which data is being collected and to get explicit consent for this usage, so in this case I would say that it was not clearly communicated that the names would be shared publicly.
 
Back
Top