Ok, so the group I am in has GDPR policy that only committee members can access emails and the email account. All good
We also have a Facebook group but we have one person who is not on our committee who has Admin access to this account.
So, the same type of data is available from both email and Facebook accounts - email address, names, phone numbers, addresses etc.
Are we in breach of our own policy? Is email and Facebook kinda treated the same? The ECHR has stated that Facebook admin are classed as data controllers but our policy indicates that only committee members can be data controllers.
I'm hoping the answer is yes so that I can tell the Facebook admin to f*** off
PS - the Facebook admin wrote our GDPR policy