Back in April this year, I wrote to the ICO (Information Commissioner’s Office) for “official guidance on GDPR for purely personal, non-commercial, use of data”. I made the point that much had been published about how GDPR applied to organisations and companies, but I had failed to find anything that applied to data handling for social clubs.
This is in respect to data I hold with regard to the forums I administer and mail-lists I run, all purely social activities, involving people who had explicitly joined up.
Now, mid-October, I’ve received a reply.
To be fair, the ICO response did start with “We would like to apologise sincerely for the time it has taken to respond to your email.”
It remains that their advice – that it seems that GDPR does apply to me – arrived 7 months after my enquiry and 5 months after the law came into effect.
Good job I made a decision off my own back, no?