Data Protection Protocol


This protocol documents the process which the Hart and Soul Community Choir (H&SCC) follows to ensure compliance with the UK General Data Protection Regulation (GDPR).

H&SCC collects information in order to communicate with members and to fulfil its ‘duty of care’ obligation with regard to the health and wellbeing of those members. No financial information is held. Membership data will not be divulged to third parties unless legally obliged to do so.

The GDPR is legislation which gives people more control over their personal data held by an organisation with which they interact. Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.

H&SCC Actions to ensure compliance

Members are required to complete a membership form. By doing so they grant permission to hold the data.

Members will periodically be required to resubmit their form to ensure that information is current.

A member’s data will be deleted when they notify that they are permanently leaving the choir.

Data will be collated by an appointed member registrar and stored in pdf format on the H&SCC website. The file is password protected. The password is known by three members. This process is to ensure that the information, while secure, is readily and immediately available in the event of a health or safety incident.


H&SCC         V1.0         190122