@Jopparn This one might have to be bumped up to the board for a general outline

I am investigating if we can add keep a register of members offline (i.e. on paper) for the ones that hasn't agreed on us storing their data in accordance with the GDPR demands. I am hopeful that this will be only very few people after a few reminders.

Re offline storage:

Beträffande fysisk lagring, så är det också en behandling av personuppgifter. Naturligtvis kan vi erbjuda det för dem som inte vill finnas i ett dataregister. Dock bör vi ange i registerförteckningen på wikin att vi har ett sådant register, och det skall förvaras inlåst.

To summarise, it is something we can offer but we cannot do it as a fallback for users who have not given any consent.

This one (or at least a skeleton) would be good to have in place so that we can refer to the consequences when sending out T194017: Send out call for giving consent in Zynatic this week

• Lack of general consent

The conclusion is that this is not needed for anyone who became a member before the introduction of GDPR. Instead we will rely on "intresseavvägning".
It is as of yet undecided if this also affects future members (who will be required to consent if they sign up online) or historical members who have not paid their 2018 fee.

• Lack of parental consent (for members <13 years old)

There is a need for explicit parental consent. As a result these members would be removed.

• Members who have not filled in a birth date (or filled in date which we could not reasonably assume to be true). [i.e. it could be argued we have not done our due diligence to ensure they are not <13]

The suggestion is that our basic assumption is that our members are of age. When signing up (and in a one-off e-mail) they will be asked to contact us if they are under 13.

• What to do with received membership payments where the member had to be removed from our system for one of the above reasons

Undecided but per the above this would only affect underaged members.

When a policy has been set a reminder e-mail should be scheduled explaining this to everyone who has yet to give consent (possibly limited to those who have paid for 2018).

An e-mail is being prepared for everyone registered in our system informing them about the changes to our privacy policy, the reasoning behind it and information on how they can check the information that is registered about them. T194017: Send out call for giving consent in Zynatic

A second e-mail e-mail will be prepared to the few members registered as being under 13. It asks if the data we have about their age is correct, if so we need parental consent (form attached). If not then they need to log in and update their data. Failure to take action means loss of membership.T194033: Get parental consent for underaged members