Should Membership organisations support their members with GDPR?
I believe they should.
It’s not often I get frustrated but this was one of those times.
I have a client in the security industry who contracts out some of the security monitoring to a third party. I have spoken with the third party and they do not understand GDPR or what they need to do but they are a member of a security industry body. I contacted the security industry body to see what support they were able to provide to the third party and their technical co-ordinator called me back this is is how the conversation went when we caught up with each other.
Me: Hello, I’m Lesley the GDPR lady.
Me: How are you?
TC: I’m good, thank you.
Me: I am working with a client of one of your members currently. My client contracts out their monitoring to one of your members.
Me: And we asked your member for information around their GDPR compliance, their policies, procedures, etc. and for a Data Processing agreement.
Me: And basically, they told me that they are doing everything in order to meet the standards that they needed to meet. Meaning the national standards etc but they are struggling with GDPR. And so have you any specific resources that you provide to them that I can steer them towards?
TC: Can I ask for the name of our member please?
Me: I’d rather not give it because obviously, they’re not meeting the requirements of GDPR at the moment.
TC: Sorry, if you’re not prepared to divulge that information, I can’t talk any further.
Me: But I’m not asking for anything specific. All I’m asking is, do you have some communication, guidance that I can steer them towards.
TC: I’ve got to say unless you can give the name of the member, I can’t give you any information.
Me: But if I can give you the name of the member, I’m breaching their confidentiality. You are not not breaching confidentiality by telling me, you have….
TC: All I can you is that we expect our members to follow legislation and as GDPR is legislation, that’s what we expect them to follow.
Me: So have you provided them with any guidance?
TC: As I can say is we expect our members to follow the legal laws of the land.
TC: GDPR falling into that.
Me: Well, I’ll take it that you haven’t given them any advice…
TC: No, I haven’t said that. We expect our members to follow the law of the land.
Me: And I’m trying to help your member to comply with the relevant legislation.
TC: Please ask the member to contact us. We expect our members to follow the law of the land.
Me: Okay. And that’s not an unreasonable thing. This current member is not. But what I don’t want to do is steer your member towards you saying you can advise them and then find that you haven’t got anything to give them.
TC: As I say, we would expect our members to follow the law of the land. The law of the land is given on the ICO website.
Me: Okay, so you’re just going to steer them to the ICO
TC: That’s where all the relevant information is.
Me: Okay. Thank you for your time, it’s good to understand the position.
This frustrates me so much. A membership organisation not supporting their members with a legal requirement. We work with lots of membership organisations and have created tailored information for their members to make it easy to implement. We also belong to membership organisations who have supported their members with GDPR. I think this is such a shame when membership organisations can add so much value and choose not to.
Want to know something else. From looking at the website, this membership organisation isn’t GDPR compliant either…..