The General Data Protection Regulation (GDPR) came into force on 25th May 2018, replacing the old Data Protection Act. This affects clubs of all sizes as well as commercial organisations.
With regard to Mylor Bridge Bowling Club, we complied fully with the previous DPA so we did not need to make wholesale changes to conform with the new regulations. We have, however, reviewed our systems and processes to ensure we are equally compliant with the new act.
The following are the key areas relating to the GDPR and its impact on the Club:
For the purpose of compliance, the club includes personal details such as name, address, telephone, email, date of birth, previous clubs/experience as ‘sensitive information’. Details relating to medical conditions, ethnicity, family, employment or other do not form part of the club’s information or application process.
Data Protection Officer
We are not large enough, nor do we handle sufficient sensitive data, to warrant such a position. The web administrator and club’s Hon. Sec. will ensure that the club follows its policy guidelines and that GDPR regulations are complied with. If any member has a concern about the use or storage of personal data, they are entitled, in the first instance, to make representation to the club’s Honorary Secretary, who will escalate the matter to a higher authority if a resolution cannot be achieved.
The club website, together with its associated data, is hosted within a secure environment, behind multi-faceted firewalls, designed to prevent unauthorised access. The site operates a multi-tier access policy, allowing varying levels of administrative and viewing access, which are all password protected and controlled through a master administrative process. Hosting servers are replicated to ensure continuity of operation and remove the risk of data loss. Offline files are stored on personal computers, which require protected logon to use. Reasonable care is taken with the storage of paper documentation, to ensure it is not accessible by unauthorised personnel.
Collecting and storing of information
In line with Article 6 of the UK GDPR Act, the lawful basis on which the club complies with the act is that members have given consent for specific personal data to be collected and used for bona-fide club management purposes. All personal information about members has been freely provided by the members and not obtained through online or mass-mailing collection techniques. Each member has the right to determine what information is held or available to other members. Member contact information is held in files by the Secretary and web administrator. All such files are password protected to open and separately protected for editing. Information within the online member directory is only available to active members, who have to log on with a unique user name and password. Each member has full control over the content of their online profile and what information can be viewed. All members will be asked to proactively confirm that they agree to their inclusion in membership database documents and files as well as the member directory. Any member has the right to request that their inclusion or ‘profile’ be removed completely. New applicants who complete a paper or online form will confirm their agreement to be included as above and the data they provide will be protected in the same way as existing member data. Any member leaving the club will be removed from the active directory and will no longer have access to the restricted areas of the website.
Members may from time to time submit photographs for inclusion in the club website or some other publication, or be included in submissions by other members. By virtue of joining the Club, members agree to images of themselves, in a Bowls context, being freely published in appropriate locations. Should any member request the removal of any image of themselves, this will be complied with. The exception to this is ‘general view’ type images which include numbers of people who are unidentifiable as part of an overall scene. Should, however, any person included in such an image request that it be removed, then the picture will be edited or taken off completely. No pictures of children will be published in any form without correct parental or guardian permission. Members have the option of including a photo as part of their profile, but this is totally within their control.
- Ensure you have set up your password and checked/edited your profile.
- Confirm your agreement to be included within the member directory.
- Ensure that any documents you create, such as minutes, reports, etc., which include sensitive information are correctly protected.
- If you believe there has been a security breach or the club has not conformed to GDPR regulations, report it to the secretary or web administrator.