GDPR and the IPF

In May 2018 the rules governing how we manage data are due to change and become more rigorous. Data protection affects every IPF member, and below we will explain what we will be doing to ensure the security and protection of your data.

What is data protection?


The IPF collects and processes a range of data from its members for the purposes of administering your membership, and providing you with the best service possible.

Data protection legislation sets out the requirements for how the IPF, as a data controller, processes personal data. Personal data is defined as any data that identifies, or is likely to identify, a living individual, including facts and opinions.
The IPF is fully committed to the principles of data protection, as set out in the Data Protection Act 1998. We process and maintain personal data about you so that we can manage your membership, provide you with appropriate products, services and share information with you about IPF activities.

In accordance with the Data Protection Act, we have a legal duty to protect any information we collect from you. We will only use your information for the purpose as described. We do not pass on your details to third parties unless you have given us permission to do so or there is a legal obligation or statutory requirement to do so. You also have the right to ask for a copy of the information we hold about you and to have any inaccuracies in your information corrected.


On 25 May 2018, the EU General Data Protection Regulation (GDPR) will replace the current Data Protection Act. Despite Brexit, the Government has confirmed its intention to bring the EU GDPR into UK law, ensuring the country’s data protection framework is suitable for the digital age and allows data subjects (i.e. you) better control of their data.

The eight principles of the existing data protection act still apply but the new Regulation means there will be greater transparency around areas such as consent, privacy notices, reporting of breaches and transfer of data outside the EU.
For the IPF, this includes reviewing our processes and procedures around key areas such as security and retention of data, subject access requests and data breaches, updating agreements with third party data processors, and providing training to staff.

We are also conducting an internal audit of our current practices to highlight any potential areas of weakness in GDPR compliance, so that we are able to focus on the key changes needed in preparation for the change in legislation.
How will this affect members?

At the IPF, we will continue to respect and protect the personal data we collect about you.

We will be adding to/amending our data protection disclaimers in light of the GDPR, so you might notice changes to our application forms and terms & conditions. It is important that you understand what we are doing with your data.  We will enhance our privacy notices on the website and on any new systems you register for, to inform you, at the point that we collect your data, about why we are collecting it, how we will use it and how we keep it safe.
The majority of personal data we collect about you is necessary and for the legitimate purposes of the organisation e.g. maintaining your membership record or informing you of member events. 
At times we may need you to provide explicit consent for your data to be used by positively opting in (e.g. if personal data needs to be shared with another organisation for a specific purpose such as running a joint event). We will notify you if this is the case.

You are able to request a copy of the personal data we hold about you (known as a subject access request) – you will receive a response to this within a month.

Further information

If you’d like to find out more about the GDPR changes, please see the Information Commissioner's Office website. If you have any specific questions about the IPF’s data protection policy and how GDPR affects you, please contact Frankie Clay, Associate Director –