The General Data Protection Regulation (GDPR) is the new European law that took effect across the UK on 25 May 2018. The legislation affects anyone living inside the EU and any organisation that holds the data of EU residents.
GDPR replaces the Data Protection Act 1998 (DPA). GDPR is designed to strengthen the DPA and to give EU citizens more control over how organisations use their data – with large fines introduced for organisations that do not comply.
Any club or organisation that collects/holds the data (digital or physical) of any EU residents is expected to comply, and we could receive a hefty fine for failing to do so.
Hopefully not, but our Committee, Coaches and administrators must be careful about how we collect, store and process data about our club members. This is an area in which we should already be vigilant, but it now requires extra scrutiny to ensure compliance.
For any member data held by LBBFC, the member will need to confirm that we have a legal basis to use their data for this purpose. This legal basis will often be based on consent:
i.e. “the individual has given clear consent for you to process their personal data for a specific purpose.”
LBBFC will make the purpose clear to the member at the point of collection. Whilst consent is often best practice, LBBFC are able to store and process members’ data for a legitimate compliance and legal basis:
More information on establishing a legal basis is available from the ICO website.
Any data that LBBFC hold on our members is subject to GDPR. This includes any spreadsheets, surveys, forms and any other documents, paper or digital, that may contain data about your members.
It is recommended that we destroy any of this information that is not absolutely necessary. But where LBBFC do continue to hold/collect it, it is important to consider and follow the guidelines: