Data protection laws are changing – How does this affect CRY and our Supporters

The General Data Protection Regulation (GDPR) is the new data law that comes into force on 25th May 2018. It affects how every organisation, including Cardiac Risk in the Young, can communicate with you.

We have prepared a Q&A section, which we hope answers your questions. If you have a query that we have not answered, please contact us and we will respond and add it to the information below.

New data protection law:

What is the GDPR? How does it affect us?

The General Data Protection Regulation (GDPR) is a new law coming into effect on the 25th May 2018 that changes the way personal data is collected, kept and used. It will replace the current Data Protection Act.

All organisations (known as data controllers), including charities such as CRY, have to demonstrate how they meet these regulations. An organisation must now specifically receive an ‘opt-in’ from an individual (known as a data subject) to make sure that the individual wants to hear from that organisation.

The main change that will come into effect is that CRY now needs to ask you if you still want to hear from us; and, if so, how you want to hear from us. So, CRY is asking all new and existing supporters if they wish to start/continue receiving emails and/or post from us. You also have the option of opting-out of all communications from us.

If you do want to keep hearing from CRY, you will need to either complete the online form on the CRY website at www.c-r-y.org.uk/subscribe or send us a letter or email clearly confirming what CRY information you would like to start / continue receiving.

What happens if I don’t do anything?

If you don’t do anything then, under the new regulations, CRY may be unable to send communications to you. That is, you might no longer receive the Update magazine, monthly enewsletters, etc.

If you do want to keep hearing from CRY, you will need to either complete the online form on the CRY website at www.c-r-y.org.uk/subscribe or send us a letter or email clearly confirming what CRY information you would like to start / continue receiving.

What does the new regulation include?

The new regulation has seven main points telling CRY how it can collect, keep and use your personal data. CRY is responsible for the personal data it holds about you. Your personal data must be:

  • Processed lawfully, fairly and in a transparent manner,
  • Collected for specified, explicit and legitimate purposes and processed accordingly,
  • Adequate, relevant and limited to the purpose it was collected for,
  • Accurate and kept up-to-date,
  • Corrected or removed without delay if incorrect,
  • Not kept for longer than required for the intended purposes,
  • Processed so that it is kept securely.

The regulation also allows you to check on the data held by CRY and for you to tell CRY to stop using your data.