This article contains information relating to the following areas:
As part of running your student group you may contact your members with regards to management of the group (organising meetups/fixtures, sending information about activities etc.) - no additional consent is required for this as they have joined as a member. However it is good practice to make sure someone can unsubscribe from emails from your group but still remain a member. Our current email management system provided by the College, Mailman, allows users to unsubscribe so you should make sure you are maintaining your lists appropriately.
You may not use your lists for contacting your members for marketing purposes without specific opt-in consent from the individuals to do so. Marketing purposes would probably include advertising events that are not part of your normal offer for your members or emailing people to encourage them to join or rejoin your society. For example, if you were approached by a company to email your members with an offer or event you would first need the consent of your members to send this email. This is a key part of the updates to Data Protection legislation and it is vital that this is adhered to. Anyone on your list must have the opportunity to unsubscribe, either through automated means (eg. through Mailman unsubscribe link) or manually (eg. emailing an admin contact to manually remove them).
You should make sure that only people who have given consent are included on marketing emails.
Consent needs to be granular, opt-in and transparent. You must obtain consent for each list you are sending emails to. You might want to collect your list using Microsoft Forms, which is part of Office 365. This will let you include a checkbox (or multiple checkboxes for more than one list) so you can record the consent - it is important that you keep a record of the consent when it is given. There is various advice online about signup forms - have a search for some best practice and make sure you are abiding by the Data Protection principles.
Consent must be recorded so you can prove you have the consent of the data subject. You should make sure that when you obtain opt-in consent that you are offering a genuine choice - if you do what you want regardless of the consent then this is not a legal basis for processing the data. See the ICO article on consent in GDPR for more info, and the articles on consent for more specifics; the article on obtaining and recording consent has some good practical advice.
We would recommend, where possible, to keep two lists; one for your current members and one for those who wish to receive updates about your society but aren't members.
If you are collecting personal data for marketing purposes, you should provide a Privacy Notice to inform users at the time of collection of how their data will be used. You are also required to provide a Privacy Notice in the same format as the collection method eg. a web page or link if being captured through a webform, or on paper if collecting a paper list.
College has a handy template for newsletter Privacy Notices that you can adapt for your own purposes.
Currently student group mailing is done through Mailman. This is subject to change in future if a better solution is developed by College or the Union.
- Your main list needs to be kept up to date each year to ensure you are not emailing people that are no longer members of your group.
- Everyone has the ability to unsubscribe from a Mailman list - you should ensure that these people are not accidentally readded to your lists if you update them.
- This applies particularly if you are emailing for marketing purposes rather than in the course of running your group - in this case you should create an Mailman list and manage this separately so you are able to distinguish between those who have consented to receive marketing emails and those who haven't.