Purpose and lawful basis for processing

We currently act as secretariat for the Global Privacy Assembly (GPA) and process the personal data of GPA members, observers, alumni, conference speakers and relevant representatives of the privacy media.

Data is processed by us to further international cooperation amongst data protection and privacy commissioners and fulfill our role as secretariat. This includes processing to handle member and observer applications, facilitate GPA events, produce and distribute the GPA newsletter and communicate conference news and press releases to interested parties.

The lawful basis we rely on to process this personal data is Article 6(1)(e) of the GDPR, which allows us to process personal data when this is necessary to perform our public tasks as a regulator.

Where the information processed by us is special category data the lawful basis we rely on to process this data is article 9(2)(g) of the GDPR, which also relates to our public task and the safeguarding of individuals’ fundamental rights and Schedule 1 part 2(6) of the DPA 2018, which relates to statutory and government purposes.

In the case of the GPA e-newsletter the lawful basis we rely on to process the names and email addresses of recipients is consent under Article 6(1)(a) of the GDPR.

What we need

We process names and contact details to communicate with relevant individuals about the work of the GPA and its events. We may also process photographs and biography information for members or individuals attending our events as well as health data relating to any dietary requirements or access needs.

What we do with it

We will use your name and contact details to correspond with you about the GPA. This will include communicating with you about events, to distribute key messages from the executive committee and to provide you with the GPA newsletter where we have your consent to do so. In the case of the contact information we hold for representatives of the privacy media we will use this to contact you with any press releases concerning the work of the GPA. Data will be shared with our data processors when required to fulfil our role as secretariat.

How long we keep it

We will retain this data for the duration of our tenure as Secretariat of the GPA. This is currently scheduled to end October 2021 (renewed in October 2019). In 2021, the next elected secretariat will become the controller for this data.

What are your rights?

We process your personal data for our regulatory purposes so you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which will depend on why we are processing it.

We rely on your consent to process your contact details for the purpose of distributing the GPA e-newsletter. This means you have the right to withdraw your consent, or to object to the processing of your personal data for this purpose at any time. If at any point you want to withdraw your consent please email secretariat@globalprivacyassembly.org or call us on (International dial code +44) 0303 123 1113. If you do that, we’ll update our records immediately to reflect your wishes.

For more information on your rights, please see ‘Your data protection rights‘.

Do we use any data processors?

Yes – we use the following data processors

  • Twitter (social media)
  • Youtube (social media)
  • SnapSurvey

Do we transfer data overseas?

Yes – we transfer data overseas primarily to the members of the GPA Executive Committee from Burkina Faso, Philippines, Australia, Mexico, New Zealand and Albania.