Introduction

  • What is the scope of this GDPR guidance?

    Important: This is 4N-specific guidance. The info in these GDPR FAQs is specific to 4Networking and relates to how we have prepared for GDPR; how we use your data and member data; and what we need you to do as a 4N team member. It is NOT advice for your own business's GDPR compliance! With GDPR implementation having taken place on 25th May 2018, this guide outlines our current position and plans and should answer the most common questions you’ll get as a team member. This FAQ is confidential – please do not share outside your team.

  • How has 4N planned for GDPR?

    We have worked on 4N's GDPR compliance for a year prior to the implementation date and a detailed assessment has shown that prior to the launch of this new 4N website we were largely compliant already. However, this new site has given us the opportunity to improve our handling of members’ personal data, while continuing to provide teams with the ability to promote their local groups. On this new 4N website there are tighter controls regarding the access and use of personal data. 

Guidance on emailing people

  • Can I email current Passport members?

    Yes – provided they’ve not previously asked you not to, and that it is reasonable to do so. Do this primarily to invite them to future meetings. Only email members who have attended past meetings at your group, and do not bombard them with emails. Use the Marketing facilities in the team area of the site as the way to send emails. Using the Branded Emails facility, you can select relevant groups of people to email. We’re confident these emails do not represent ‘marketing’ – as we’re emailing members about making best use of their membership. Our legal basis under GDPR is “contractual obligation”, and PECR does not apply to service updates. 

  • Can I email Online Only members, past visitors & lapsed Passporters

    Yes – in a similar way to Passport members, to invite them to future meetings, with the same safeguards. As they are registered on the 4N site, our legal basis under GDPR is “legitimate interest”. 

  • Can I email prospects not registered on the 4N site?

    Team members may well have gathered business cards and contact info on prospects, from business shows and other networking events. This data can be used to promote 4N meetings – however, the team member must be sure that they have consent to email these contacts about 4N. Emailing these people will be from outside this 4N site, so ensure you have included an unsubscribe facility to all emails. For the purposes of GDPR, the team member sending this email is acting as the controller, and on that basis it's up to that person to be sure that they have consent to do so. This is important to comply with PECR where the recipient may not be a company. Responsibility for “responsible use of this data” lies with the sender and the sender must adhere to unsubscribe requests. 

    Where someone has said they’d like to come to a meeting, use Invite A Friend to ensure that their data is in the 4N system and managed accordingly. 

  • Is it still OK to use Invite a Friend?

    Invite a Friend should NOT be used to invite people who have not already expressed some interest in attending a 4Networking meeting. If someone has expressing an interest in attending a 4N meeting, it is reasonable use of their data, on the basis of legitimate interest, to input this and send them an invitation via the 4N site.  

     

  • What name should be in the ‘From’ field of mass emails?

    Any email generated by a team member should have that person’s name as the sender. Only emails from 4Networking LTD should say they are from 4Networking.

  • Is it OK to include team member/4Sight speaker details in emails?

    Avoid including the email address or phone number contact info of other team members or of the upcoming 4Sighter, as this now requires the documented permission of each person. So, keep things simple and just link back to their 4N profile page, as this contains info already agreed and provided to 4N.

Guidance on using photos and videos

  • Can I take photos & videos of people at meetings?

    Yes. Team members do not need to take any action such as announcements or signage regarding photography. We take photos to promote 4N meetings and showcase their unique atmosphere – in GDPR terms, to do so represents a ‘legitimate interest’. However, a photo is personal data if the subject is obvious and can be identified and so we must respect that. Every 4N meeting booking confirmation email contains a message in the footer area, asking all attendees when they arrive at the meeting to make a team member aware if they do not want to be photographed. Team members must respect this and ensure those wishes are taken into consideration by all attendees. A reference to this is included on the Privacy Notice on the 4Networking website.

Guidance on using Join Forms

  • How should I treat card payment details on Join Forms?

    It is essential that Area Leaders ensure that written-down card details data on the front of 4N Join Forms, completed at 4N meetings, is securely destroyed as soon as it has been processed. Also, any completed forms must be stored securely prior to processing.

    The preferred route is to process a new membership and take payment online before the visitor leaves the meeting. This avoids the need to write down card information and avoids any change of mind by the visitor before payment has been processed. If you’ve not already done so, please put in place the equipment and online access at your venue to process membership online.

Using social media

  • Can I use social media to promote my meetings?

    Yes. However, you must comply with each social media platform’s terms and conditions. For example, LinkedIn’s T&Cs prohibit the downloading of email addresses, so please do not do this.

Glossary of terms

  • What do various acronyms and terms mean?

    • GDPR: General Data Protection Regulation
    • PECR: Privacy and Electronic Communications Regulations
    • ICO: The Information Commissioner’s Office
    • Legitimate Interest: This is a legal basis for processing data (like consent), except the data subject doesn’t need to be asked for consent. A legitimate interest has to be identified (eg "promoting 4N" or "network security") and this is then balanced against the interests of the data subject, with the data subject then having the right to object.
    • Contractual Obligation: Like Consent and Legitimate Interest, this is another basis for processing data. This covers a business relationship where personal data needs to be processed to fulfill a contract - for 4N, this relates to membership contracts.
  • Where can I get additional information?

    Please direct further questions to your RL. RLs have access to 4N’s Data Protection Group – look out for additional FAQs based on your questions.  We will be updating the Winning Team Guide and give further specific guidance to team members in answer to questions raised.