If you run a sports club, association or a similar organisation, you need to make sure you understand your responsibilities when it comes to the personal information of your members, staff and volunteers.
The Information Commissioner’s Office (ICO) is responsible for making sure all organisations comply with the law, including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA2018).
The GDPR and DPA2018 govern the use of personal data. Personal data is more than just someone’s name or address – it can be any information that relates to a living individual. You can find out more about what personal data is here.
Data protection officers (DPOs) help you monitor internal compliance, inform and advise on your data protection obligations, provide advice regarding Data Protection Impact Assessments (DPIAs) and act as a contact point for data subjects and the ICO. Not all organisations are required to have a DPO; this self-assessment tool will help establish if you need one.
Information security and training
Personal data is an asset to all of us. It’s therefore important that you protect the personal information you hold about your members with the appropriate level of security. This means having measures in place to ensure it is stored and used appropriately, especially as you may be collecting and using information about children. Find out more and read our checklist here.
If any of your staff or volunteers have access to personal data, it’s important that they are given some level of data protection training. It doesn’t have to be rigorous, but it does need to be relevant to their role.
People’s rights to their information
Since the new laws, people have increased rights giving them greater control over their personal information. For example, individuals have a right to be told what is happening to their information – this is often done through providing an individual with a privacy notice, but can also be done verbally. Individuals can also ask you for copies of their information. This is called a subject access request. You can find out more about these rights, along with the others, here.
Data protection fee
The law requires most organisations who process personal data to pay a fee to the ICO, unless they are exempt.
If you’re not sure whether you need to pay, you can check using the ICO online tool.
How do I find out more?
If you have any data protection concerns or queries, the ICO is here to help. They provide support and advice to all organisations to help them comply with the law.
Guidance is available on the ICO website, but if you would like to speak to someone directly you can call their Wales office (in Welsh and English) on 0330 414 6421 or email firstname.lastname@example.org
There is also an SME web hub available for small organisations, which contains a number of useful resources you can draw on.