In May 2018, data protection laws changed, and if you run a sports club, association or a similar organisation you need to make sure you understand your responsibilities when it comes to the personal information of your members, staff and volunteers.
The Information Commissioner’s Office (ICO) is responsible for making sure all organisations comply with the law including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA2018) which both came into force on 25 May 2018.
The GDPR and DPA2018 govern the use of personal data. Personal data is more than just someone’s name or address – it can be any information that relates to a living individual. You can find out more about what personal data is here.
Information security and training
Personal data is an asset to all of us. It’s therefore important that you protect the personal information you hold about your members with the appropriate level of security. This means having measures in place to ensure it is stored and used appropriately, especially as you may be collecting and using information about children. Find out more and read our checklist here.
If any of your staff or volunteers have access to personal data, it’s important that they are given some level of data protection training. It doesn’t have to be rigorous, but it does need to be relevant to their role. You can find more information and useful resources here (LINK – https://ico.org.uk/for-organisations/ ).
People’s rights to their information
Under the new laws, people have increased rights giving them greater control over their personal information. For example, individuals have a right to be told what is happening to their information – this is often done through providing an individual with a privacy notice, but can also be done verbally. Individuals can also ask you for copies of their information. This is called a subject access request. You can find out more about these rights, along with the others, here.
Data protection fee
The law requires most organisations who process personal data to pay a fee to the ICO, unless they are exempt.
If you’re not sure if you need to pay you can check using the ICO online tool.
For most sports clubs, it will likely be £40, but you can check here to see how much you have to pay.
You can pay online – it takes about 15 minutes.
How do I find out more?
If you have any data protection concerns or queries, please remember that ICO is here to help. They provide support and advice to all organisations to help them comply with the law.
Guidance is available on the ICO website, but if you would like to speak to someone directly you can call their Wales office (in Welsh and English) on 0330 414 6421.