General Data Protection Regulation – GVF Compliance & Legal Obligations

Under the new European Union General Data Protection Regulation (GDPR), which comes into effect on 25th May 2018, organisations, including GVF, are legally obliged to undertake additional and extensive controls on, and monitoring of, the data held on any individual which is used for communications for the purposes of carrying on organisational business.  All aspects of GVF business relating to the dissemination of information about our programmes, and the storage of individual’s contacts data on which this depends, must, by law, comply with the GDPR.


For anyone to continue receiving communications from us – for example, emails about GVF Working Groups, GVF programmes and campaign/lobbying collaborations, issues of the GVF eBulletin, details of events, and any other information – GVF must update any personal data we hold on all individuals and record all individuals’ preferences as to how that data is managed and retained. We are legally required to obtain clearly documented consent both to store any individual’s data and to contact those individuals in the future.  If we do not receive your consent, we will be legally obliged to remove your data from our database and we will no longer be able to contact you.


In the next several weeks we will be contacting all individuals who currently feature on our database of contacts to request their documented consent to our keeping their data details and to continuing to contact them. If we do not receive this consent – which will take the form of a completed Form of Consent from each individual – we may not, in law, assume that consent is given. Consent must be given and confirmed by each individual concerned, and documented by us, before we can continue to communicate with any individual.  When you receive a request from GVF with Subject: General Data Protection Regulation - Form of Consent, please treat the communication as important and return the completed form distributed to you to GVF ASAP.