Membership data should be used in line with GDPR. Thus data should be used in a way that is adequate, relevant and not excessive; that it is not kept for longer than necessary; that it is kept safe and secure.