top of page
Data protection 
Registration and new requirements from 2018


We have a duty to protect HHGERA members’ information and privacy. The approach set out below was shared with and approved by the Association's 2018 Annual General Meeting. Click here to see the formal Data Privacy Notice, setting out our data protection policy.

  • From 23 May 2018, Data Protection Act 1998 has been replaced by General Data Protection Regulation (EU) and Data Protection Act 2018. Brexit will not change this. Paper and electronic data are covered.

  • HHGERA needs to hold personal data (names and addresses of owners/occupants; contact details of HHGERA officers) but not sensitive personal data (political opinions, health, religion, sexual orientation etc).

  • The Act allows us to use this data where necessary for the legitimate interests of the Association (eg collecting service charge, registering service road keys, consulting members).

  • HHGERA is a data controller under the Act and may share data with data processors (eg Japan Services, which maintains the service road keys register).

  • We must be registered with the Information Commissioner as a data controller.

  • HHGERA must ensure that personal data is:

    • Processed lawfully, fairly and in a transparent manner

    • Collected for specified, explicit and legitimate purposes and not processed in a way incompatible with those purposes (eg not sold on to all and sundry)

    • Adequate, relevant and limited to what is necessary

    • Accurate and, where necessary, kept up to date

    • Kept for no longer than is necessary

    • Kept securely

  • We must take care to protect data, and record how this is done, and ensure third parties adopt equivalent measure (eg password protection, encryption, safe disposal).

  • We must tell members what we do with their data via a data protection policy setting out what data we hold, why, how long for, whether/how we will share it, and who to contact.

  • In practice, the data we hold is not especially sensitive. But the 2018 HHGERA Annual General Meeting (AGM) agreed the following actions:

    • Registration with ICO

    • Data protection policy to be drawn up and put on HHGERA website

    • Service charge database to be password protected and only held as needed

    • No sensitive personal data to be stored

    • No data to be shared with 3rd parties other than for its original purpose

    • Exchange of correspondence with any 3rd party processor setting out expectations

    • Implementation of this plan following the AGM.

bottom of page