GDPR and Personal Data What is GDPR? GDPR stands for General Data Protection Regulation. It’s the UK version of EU data protection legislation. If we break this law, we risk consequences to the whole organisation and our ability to communicate. This advice is for everyone volunteering for Extinction Rebellion in the UK and using information which identifies actual people Chat communication tools such as Mattermost or Signal The Hub to find people in roles and circle membership Meeting services e.g. Big Blue Button (BBB), Jitsi, Zoom for your circle’s meetings and work Personally identifiable information (PII) includes names, email, phone number home address, nickname if this clearly associates with only one person, photos and video or any other information which can directly identify a person Sometimes it is the combination of information which identifies a person (e.g. there might be 2 people in a house, only one adult, so age and address combined identifies a person) Personal data GDPR regulations cover all kinds of personal data. This includes all of the personally identifiable information listed above plus an individucal's declared race or ethnicity or religion health issues/ records sexual orientation political views (affiliation to XR is a political view) records of conversations, donations, etc Learn about GDPR Watch the short 6-minute video explainer of why GDPR is important to you and XR. Check your understanding using our GDPR training deck. Quick and easy exercises to help you remember the core concepts! Or use the interactive GDPR training at Rebellion Academy. Why understanding GDPR is important We want to take care of each other, and that includes being careful with information about each other, so complying with GDPR rules is totally in accordance with our XR Principles and Values. Following GDPR is about showing respect to rebels. We want to ensure that all rebels’ personal data is treated with respect and protected from misuse. GDPR provides a sensible set of principles that can help us to do that. If you’re collecting or using personal data, the resources here will help you to understand what you need to do. Our purpose in holding personal data Within Extinction Rebellion UK we need to share information with each other, cooperating to achieve Our Demands. To do this we share personal data so we can form teams, and reach other teams. Be careful with this personal data, and to use it only for Extinction Rebellion’s purpose. Consequences If we have people in Extinction Rebellion (XR) who go beyond these guidelines, we risk alienating each other - breaking trust letting others outside XR get information which might damage our goals or be a risk to the people whose information is shared. having a negative effect on the reputation of XR, and on other people’s willingness to support the movement Planning for the personal data we need to hold A big part of doing this right it to only hold the personal data we need for a specific purpose, and make sure we only allow access as needed. All that and more comes into doing a "data plan". If your team uses personal data, check out the Data Plan checklist below. If you: want to gather personal data - you need to make a Data Plan. already have personal data and you haven't created a Data Plan yet are changing how you use personal data - update your Data Plan needs updating. Here's the link to the detailed Data Plan checklist - please read through this, then contact the GDPR team who will help you from then on. Unsubscribing and data deletion Self-service Action Network emails lists Follow this link to find more information about how to unsubscribe, update details or join a new local group. Hub, Forum, Cloud, Mattermost and Vault You can remove yourself from The Hub, Forums, Cloud, Mattermost and the Vault - click the person icon at the top right of the Hub, click Settings, then click Delete me. Getting help to unsubscribe If you don't want to hear from XR services again e.g. from The Hub, Mattermost, Volunteer website, Rebel Toolkit, Rebellion Academy, CRM systems, Action Network, TESN, Arrestee & Legal Support or Finance contact dataprotection@rebellion.earth. Please specify in your email which systems you want to stop messages from (otherwise someone has to spend a long time checking all of them). If you want to be removed from our systems, contact dataprotection@rebellion.earth. It would help us to know which systems you want to be removed from (otherwise someone has to spend a long time checking all of them). In some cases we won't be able to remove all your entries - in which case we'll let you know which we need to keep. You can contact us via our GDPR & Security Reception channel on Mattermost or by email at dataprotection@rebellion.earth.