GDPR and Lottery Syndicates

[Deleted member 313545]

I have a colleague who runs a lottery syndicate, and sends out weekly emails with our tickets and so on.

Recently, he has started using bcc to send these emails, rather than just send them to everyone and let people see who it has been sent to.

He claims this is because how he has read the GDPR rules and thinks this is how he needs to do this now, but I don't see how it is relevant in this case, it's just an email stating what tickets he has bought, and then a subsequent email with whether we have won anything or not.

Obviously it's not a major problem with him sending the email to a bcc group, but it prevents us having email discussions if we get a big win or anything like that.

I'd like to put his mind at rest. Can anyone familiar with GDPR offer any advice?

 

[Scalloway]

This article explains why you should use bcc for emailing groups

https://www.linkedin.com/pulse/gdpr-why-bcc-your-friend-whatsapp-could-risk-adam-prince/

Do you run a club, a charity or a business and maintain a mailing list or have a WhatsApp group? If so, you need to think about the General Data Protection Regulation (the “GDPR”). If you let anyone know another person’s e-mail address or phone number without a lawful reason you are already breaching the existing legislation (the Data Protection Act) but after May 25th 2018, when the GDPR comes into effect, the penalties are much higher. You may be liable for a fine up to €20mil or 4% of your company global turnover (whichever is higher)!

 

[fisicx]

He is being a bit over zealous. Everyone in the syndicate already knows everyone else so sending out a group email isn't a problem.

The communications should be detailed in the syndicate agreement you all signed: https://www.national-lottery.co.uk/games/syndicates

 

[Mike Kilby PC.dp]

I agree with fisicx reply but there is a simpler answer as well.

If the email is a group of friends participating in a syndicate, and it is not run as part of the employing company, the GDPR simply does not apply.

There is a caveat (Article 2 part 2) that the GDPR does not apply when conducting personal affairs, hence why the general public do not need to get consent or document why and how they use someone’s email.

 

[Deleted member 313545]

Thanks, for the advice, I also thought it didn't apply because this was a personal thing.

 

[MartaCBuckner]

If your are concern about the big win in the lottery, that would be depends on the lottery syndicate contract

 

[MartaCBuckner]

Before you start a syndicate, you must have a proper syndicate contract with the sign of all the members including the syndicate manager