Important: This is 4N-specific guidance. The info in these GDPR FAQs is specific to 4Networking and relates to how we have prepared for GDPR; how we use your data and member data; and what we need you to do as a 4N team member. It is NOT advice for your own business's GDPR compliance! With GDPR implementation having taken place on 25th May 2018, this guide outlines our current position and plans and should answer the most common questions you’ll get as a team member. This FAQ is confidential – please do not share outside your team.
We have worked on 4N's GDPR compliance for a year prior to the implementation date and a detailed assessment has shown that prior to the launch of this new 4N website we were largely compliant already. However, this new site has given us the opportunity to improve our handling of members’ personal data, while continuing to provide teams with the ability to promote their local groups. On this new 4N website there are tighter controls regarding the access and use of personal data.
Yes – provided they’ve not previously asked you not to, and that it is reasonable to do so. Do this primarily to invite them to future meetings. Only email members who have attended past meetings at your group, and do not bombard them with emails. Use the Marketing facilities in the team area of the site as the way to send emails. Using the Branded Emails facility, you can select relevant groups of people to email. We’re confident these emails do not represent ‘marketing’ – as we’re emailing members about making best use of their membership. Our legal basis under GDPR is “contractual obligation”, and PECR does not apply to service updates.
Yes – in a similar way to Passport members, to invite them to future meetings, with the same safeguards. As they are registered on the 4N site, our legal basis under GDPR is “legitimate interest”.
Team members may well have gathered business cards and contact info on prospects, from business shows and other networking events. This data can be used to promote 4N meetings – however, the team member must be sure that they have consent to email these contacts about 4N. Emailing these people will be from outside this 4N site, so ensure you have included an unsubscribe facility to all emails. For the purposes of GDPR, the team member sending this email is acting as the controller, and on that basis it's up to that person to be sure that they have consent to do so. This is important to comply with PECR where the recipient may not be a company. Responsibility for “responsible use of this data” lies with the sender and the sender must adhere to unsubscribe requests.
Where someone has said they’d like to come to a meeting, use Invite A Friend to ensure that their data is in the 4N system and managed accordingly.
Invite a Friend should NOT be used to invite people who have not already expressed some interest in attending a 4Networking meeting. If someone has expressing an interest in attending a 4N meeting, it is reasonable use of their data, on the basis of legitimate interest, to input this and send them an invitation via the 4N site.
Any email generated by a team member should have that person’s name as the sender. Only emails from 4Networking LTD should say they are from 4Networking.
Avoid including the email address or phone number contact info of other team members or of the upcoming 4Sighter, as this now requires the documented permission of each person. So, keep things simple and just link back to their 4N profile page, as this contains info already agreed and provided to 4N.
Yes. Team members do not need to take any action such as announcements or signage regarding photography. We take photos to promote 4N meetings and showcase their unique atmosphere – in GDPR terms, to do so represents a ‘legitimate interest’. However, a photo is personal data if the subject is obvious and can be identified and so we must respect that. Every 4N meeting booking confirmation email contains a message in the footer area, asking all attendees when they arrive at the meeting to make a team member aware if they do not want to be photographed. Team members must respect this and ensure those wishes are taken into consideration by all attendees. A reference to this is included on the Privacy Notice on the 4Networking website.
It is essential that Area Leaders ensure that written-down card details data on the front of 4N Join Forms, completed at 4N meetings, is securely destroyed as soon as it has been processed. Also, any completed forms must be stored securely prior to processing.
Do not leave joining forms lying in plain view of the public. As soon as a new member completes the form, process it on the spot or secure it for processing once you are home in the office.
Never discard completed joining forms at the venue, as they have confidential address info on them.
Never email or otherwise transmit completed forms to anyone. This is not secure.
The preferred route is to process a new membership and take payment online before the visitor leaves the meeting. This avoids the need to write down card information and avoids any change of mind by the visitor before payment has been processed. If you’ve not already done so, please put in place the equipment and online access at your venue to process membership online.
In the event of a lost joining form, immediately ring your Regional Leader. The Regional Leader will then follow up with the Network Leader for guidance.
Yes. However, you must comply with each social media platform’s terms and conditions. For example, LinkedIn’s T&Cs prohibit the downloading of email addresses, so please do not do this.
Please direct further questions to your RL. RLs have access to 4N’s Data Protection Group – look out for additional FAQs based on your questions. We will be updating the Winning Team Guide and give further specific guidance to team members in answer to questions raised.
To protect the interests of our members (including you), no data should be stored or managed outside the 4N website.