We are a Sports Association which consists of 7 Board committee members and 13 club representatives. I have been elected as a Treasurer of the board committee recently. Whenever there are committee meetings, the Board secretory sends out meeting invitations to all committee members and 13 Club representatives. The email recipients are always kept on "BCC" field so one can not independently verify if the the email invitations have gone out to all members? Many times we make important decisions during the meeting such as playing matters, budget/spending matters, election of representatives etc. which require members to caste their vote prior to taking a final decision by the board committee but many times I see most of the members are absent / do not attend the meetings which makes me to ask questions such as if e-mail invitations have been sent out to all members?. So when I raised this matter during our committee meeting "why the e-mail receipients are not kept on the "To" filed ? "; the Secretory brings up GDPR/privacy matter stating h e can't keep the e-mail recipients on the "To" field. This is impacting the legitimacy of the decisions taken during our meetings since only a small number of members are present at the time of voting and probably this is being done purposely to avoid majority of the members being coming into the meetings. I just wanted to know how to deal with this kind of situation? Whether the GDPR law talks about this kind of situation and what is the right thing to do in such situations?
Of course the GDPR does not cover such particular situations and the reason for not disclosing the mail address is that it is not grounded on the GDPR. My suggestion is for the Association to issue a Privacy Notice informing all the members about what personal data is processed for what purposes and what are the lawful grounds for doing that. In your case the most suitable will mostly be “legitimate interest”.