1
The Common Room / GDPR in Genealogy Data
« on: Wednesday 02 January 19 14:33 GMT (UK) »
Hi,
I have tried to research (this site and others) the applicability of the recent EU General Data Protection Regulation (GDPR) to genealogy data but landed up going round in circles and more confused than when I set out. Can anyone advise on the following:
1.
GDPR replaces the UK Data Protection Act (DPA). My understanding was that genealogy data was exempt from UK DPA because the act related to living persons data only and also genealogy data was collected for personal research. However if the data of living persons was collected and passed onto others the exemption was voided. Does the same apply under GDPR ie basic genealogy data on living persons cannot be passed on without their permission?
2.
Recent developments in genealogy software packages means that data may be transmitted from user PC’s across the internet to match that data against databases on servers. These are often located in foreign (non EU) countries. Are users of this kind of software service who have living persons in their family tree software unwittingly contravening GDPR?
I have tried to research (this site and others) the applicability of the recent EU General Data Protection Regulation (GDPR) to genealogy data but landed up going round in circles and more confused than when I set out. Can anyone advise on the following:
1.
GDPR replaces the UK Data Protection Act (DPA). My understanding was that genealogy data was exempt from UK DPA because the act related to living persons data only and also genealogy data was collected for personal research. However if the data of living persons was collected and passed onto others the exemption was voided. Does the same apply under GDPR ie basic genealogy data on living persons cannot be passed on without their permission?
2.
Recent developments in genealogy software packages means that data may be transmitted from user PC’s across the internet to match that data against databases on servers. These are often located in foreign (non EU) countries. Are users of this kind of software service who have living persons in their family tree software unwittingly contravening GDPR?