Time estimate: 10 minutes
Topics: Lighthouse, Lib Dem systems, data protection
Lighthouse gives you access to personal member data, which means you need to be aware of the importance of data protection and complying with GDPR before you access the system.
You will see that if you download any data in a report from Lighthouse, it is automatically password protected. The password will appear on your screen when you download it, and a new password will be generated each time. We will cover downloading reports later in this session.
Only send on files containing personal data to other LPOs if you absolutely have to, and make sure you password protect the file.
It is essential that you send the password using a different method to the method you used to send the data, for example by phoning with the password if you’ve emailed the data.
You must choose a strong password with a minimum of 8 characters which includes a combination of lower and uppercase letters, numbers and characters.
If the person you’re sending data to is a fellow Lighthouse user, please use a report instead of downloading a file.
If you are sending an email to more than 15 recipients you must use an approved bulk email provider. The approved email providers are Mailchimp or Prater Raines.
You must never send an email to more than 15 people, or any email that could be considered marketing using your personal email address, or without using a bulk email programme.
Please make sure that you are only sending communications to individuals who have opted into receiving communications from you.
If an individual gives you their contact details they must only be used for the purpose/s they were given. To find out more about how to ensure you’re only contacting people in your local party that you have permission to contact, please read our Contact Preferences cheat sheet carefully before sending any emails to members, supporters and donors.
We will cover how to change contacts’ preferences in a later section.
Do not store personal data outside of the Lib Dem approved systems.
If it is necessary, data stored on electronic devices must be encrypted with a password. Hardcopy data must be stored in a locked drawer/cabinet.
Once you no longer need the data you have downloaded you must delete it immediately.
Hard copy data must be shredded using a crosscut shredder or destroyed using a professional confidential waste service provider.
All data breaches and any Subject Access Requests must be reported immediately to firstname.lastname@example.org
If you want to know more about GDPR, you can read the party’s comprehensive guide here.