What does GDPR mean for you?

This short piece isn’t an article telling you about the upcoming legislation and us asking for permission to follow you around the internet.  WE DON’T DO THAT.  But we wanted to help dispel a few myths; whilst letting you know how we’ve given you even more power.

What does GDPR mean for you?

So what is it?  The GDPR (General Data Protection Regulations) are from the EU.  

Oh so that means they won’t apply next year doesn’t it?  Well actually they’ve essentially been made UK Law in the Data Protection Act 2018.  They’re here to stay along with a bit of our UK interpretation & specifics.

The legislation sets out that companies, organisations and anyone processing personal data must protect it and collect it in an open and ethical way.  We at Voice are run by a UK Charity called Upstart Projects, and we’re no different. Although the changes to the rules don’t affect us as much as some organisations for a few reasons:

  1. We have never bought data about other people and so only have information we have directly collected in a legitimate way

  2. Most of the data we hold about individuals is very limited and is available to you to edit anytime in your user profile - we don’t hold it on massive databases in a corporate network

  3. We are a small organisation with robust processes already - you won’t have to go through rounds of customer service contact centres to find your data or change it!

So whilst there’s plenty of legal jargon and innumerate explanations about GDPR available (Here’s one video from the BBC, and another source, a third, even a fourth - by the Scouts in Scotland - I’m going to summarise the key points.

It says that everyone has the right to know what information data controllers (the companies & organisations who hold your data) have about you, how they use it. and how you can get it changed.  Information varies and for some companies it is not only your contact details, but your browsing habits online or purchase history.  Does a company record what you’ve bought before and then email you about a new offer they have 6 months later?  Did they get permission from you first?

There’s another question.  Did you know you were giving permission?  It has to be clear - not tucked away in some tiny terms & conditions somewhere.

Myth 1: I didn’t give permission, so they can’t do that! 

Before you jump to conclusions, there are a few ways organisations are legally allowed to process your personal information.  Consent is only one way.  Legitimate interest is another.  So for example we need to be able to send you password reset request emails and similar system notifications.  You wouldn’t be able to use the site if we didn’t.  Check the terms and conditions or privacy policy of the site / organisation you’re using.  

Myth 2: I have to contact everyone I don’t ever want to hear from again.  

No you don’t.  And actually you never really have.  It’s been a responsibility for organisations to only keep accurate and relevant data for as long as needed.  So you’re pretty safe.  Of course many organisations have sent out emails asking you to resubscribe.  They may not have needed to.  But if they did and you didn’t resubscribe - then you should by now be safely off their list.

Myth 3: I’m under 16 and so not allowed to use internet websites.  

As long as you have the permission of your parent or legal guardian to share your data then actually it’s ok.  They should have read and understood the privacy notice, terms and any other details from the data controller first of course.

Do you have a question or myth that you want answered here?  Just ask it in the comments below or email [email protected] and we’ll dig out the answer!

Your rights

The new rules have clarified your rights as a data subject (that’s the person the data is about).   You can find out more in most privacy policies, including ours which are:

  • The right to request a copy of the personal data which we hold about you

  • The right to request that we correct any personal data if it is found to be inaccurate or out of date

  • The right to request that your personal data is erased where it is no longer necessary to retain such data

  • The right to withdraw your consent to the processing at any time, where consent was the lawful basis for processing your data

  • The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller (known as ‘the right to data portability’), where applicable i.e. where our processing is based on consent or is necessary for the performance of our contract with you or where we process your data by automated means)

  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing

  • The right to object to our processing of personal data, where applicable i.e. where processing is based on our legitimate interests or in performance of a task in the public interest/exercise of official authority; direct marketing or processing for the purposes of scientific/historical research and statistics). 

So what have we at Voice done?

We started with an audit of the organisation.  We looked at what information we collect, how, when and why.  We looked at where we store it and who we store it with.  We also checked who has access to help us process it.  These lists aren’t too big.  But we went in to some detail.  Then we created a summary of key public information which you can find in our privacy policy under section 4 ‘How we use your personal data’.  

We also made some changes to Voice to help give you even more power.  These included:

  • Allowing you to select whether or not to receive comment notification emails on posts you submit - on a per post basis.

  • Allowing you to select whether or not to receive comment notification emails on posts you have commented on - on a per post basis.

  • Allowing you to select whether or not to receive our enewseltters when you register or edit your profile (previously you agreed on registration but then had to click an unsubscribe link from the email itself)

  • And now if you click an unsubscribe link in an email (sent by Mailchimp) our mailing list not only updates, but so does your user profile on our website! - Meaning our data is consistent wherever we look

  • Allowing you to choose whether or not to be reminded to post content or receive congratulatory emails from us

  • Enabling you to completely delete your account with us in a couple of clicks in addition to being able to edit/amend all your data - meaning you don’t need to email us about the deletion

  • Now we ask you to confirm parent or guardian consent on registration if you’re under 16 (previously it was 13)

We’re also looking at any users who haven’t logged in for a while and deleting their account, and looking at anyone who hasn’t opened monthly emails in a while and removing them from our mailing list.  They opted to join either, but may have forgotten about us anyway so we’re having a little cleanse.

We also updated our Privacy Policy with a more in depth look at everything - whilst trying to keep a useful short summary and the language readable.  You can find it here.  You will also have noticed a bar at the top of the page that tells you we use cookies and gives you a direct link to go look at our new privacy page.

Header Image Credit: Pexels


Emrys Green

Emrys Green Voice Team

Emrys is the Business & Projects manager at Upstart who runs Voice.

Alongside managing Voice and its related programmes of work Emrys manages web builds and live events through his own pursuits - with a wide encapsulation of the arts sector. Theatre, Dance, Circus, Spoken Word and a combination of contemporary and shakespearean work would all be in his wheelhouse.

We need your help supporting young creatives

Recent posts by this author

View more posts by Emrys Green


Post A Comment

You must be signed in to post a comment. Click here to sign in now

You might also like

The Welcome

The Welcome

by Amelia Hall

Read now