With GDPR we now need to ensure we have explicit consent for handling the personal data. But what do we do with members where this is lacking?
Since removal from the membership system equates to being removed as a member of the organisation a policy document is needed for this. Specifically it needs to deal with
* Lack of general consent
* Lack of parental consent (for members <13 years old)
* Members who have not filled in a birth date (or filled in date which we could not reasonably assume to be true). [i.e. it could be argued we have not done our due diligence to ensure they are not <16]
* What to do with received membership payments where the member had to be removed from our system for one of the above reasons
When a policy has been set a reminder e-mail should be scheduled explaining this to everyone who has yet to give consent (possibly liited to those who have paid for 2018).