Here's an example of one org that I know took legal advice and sent this out:

Privacy Statement

As many of you will be aware, new regulations regarding data
protection have come into force this month.

Organisation takes our responsibility for protecting data seriously
and have reviewed our practices to ensure we work in accordance with
the General Data Protection Regulation (GDPR) which is designed to
improve data security and privacy of European citizens.

Over the last two months we have been assessing the way we gather and
store information in respect to this new legislation. We would like to
give some key points about this to you so you know that you are in
control:

Your data (for example your name and email address) will be kept
securely by us and will not be passed onto any third party. You can
update your preferences and unsubscribe at any time by clicking the
link at the base of every email we send you (this is organised through
email service iContact). You can also ask for your information to be
changed or removed by contacting us directly by emailing
info@organisation.org.uk. Your information is used solely for the
purpose of sending you updates which we think will be of interest to
you in respect to our programme and activities.

If you feel at this stage that you would like to unsubscribe from our
mailing list please click the word 'unsubscribe' at the base of this
email. This is tailored specifically for you as the addressee of the
email.

Pretty comprehensive, doesn't have any clauses about indefinite/time limited.
(edit) Velocio's already covered this. doh.
What you’re saying is right, only you cannot keep anyone’s data indefinitely now. If someone is inactive, you must delete their data after a reasonable timeframe. Indefinitely is not reasonable.