GDPR

GENERAL DATA PROTECTION REGULATION (GDPR)

A European Union law (in force since 2018), designed to protect people’s personal data and privacy. It applies to any organisation, business or group that handles personal data of EU/UK residents, including charities, volunteer groups, and associations such as ours.

Key principles

  • Lawfulness, fairness and transparency – be clear about how data is used.
  • Purpose limitation – only use data for the reason it was collected.
  • Data minimisation – collect only what’s necessary.
  • Accuracy – keep data up to date.
  • Storage limitation – don’t keep data longer than needed.
  • Integrity and confidentiality – keep data secure.
  • Accountability – be able to show compliance.

People’s rights under GDPR

  • Right to be informed (why and how their data is used).
  • Right of access (to see what data you hold).
  • Right to rectification (fix errors).
  • Right to erasure (“right to be forgotten”).
  • Right to restrict or object to processing.
  • Right to data portability (move data elsewhere).

Why does it matter

  • Protects privacy and builds trust.
  • Non-compliance can result in complaints, fines, or reputational damage.
  • Even small community groups must follow the rules if handling personal data.

GDPR for Neighbourhood Watch Members

As a Coordinator, if you collect, store or share personal data (names, contact details, CCTV footage, reports about suspicious activity etc), GDPR applies. That means:

  • Members should understand their responsibilities, especially around lawfulness, fairness, data minimisation, and security.
  • There’s no GDPR clause saying a volunteer group must conduct training but BNWA (as a “data controller”) is responsible for ensuring members comply. 
  • BNWA  isn’t required to run training or compliance programs, simple guidance and written policies such as this will suffice

What is personal data?

• Names, phone numbers, addresses, email addresses.

• Photos or video (e.g., CCTV, doorbell cameras).

• Any information that can identify a person.

Only collect what’s necessary

• Collect contact details of members for coordination.

• Do not gather extra information ‘just in case.’

Be transparent

• Tell people why you need their information.

• Example: “We’re collecting your phone number so we can alert you about local meetings or urgent safety notices.”

Store data securely

• Use password-protected devices.

• Keep paper lists locked away.

• Limit access only to those who need it.

Sharing information

• Share only what’s necessary and with the right people.

• Do not post names, addresses, or unblurred images on public social media without consent.

• If sharing with police, share only what is relevant.

Respect people’s rights

• Anyone can ask: “What data do you hold about me?” → You must tell them.

• They can also ask you to delete their details → You must do so.

Handling CCTV/doorbell footage

• Only keep recordings for a short time (unless needed as evidence).

• Do not share widely — only provide to police or relevant authorities.

Report problems

• If data is lost, stolen, or accidentally shared, tell the group coordinator immediately.

Golden Rule: Treat other people’s information as carefully as you’d want yours treated.