General Data Protection Regulation (GDPR)
This is to help you understand the basics of the General Data Protection Regulation (GDPR) and how it will impact us as an organisation. We also hope that it will help you to consider what changes may be required by you, our members, clubs and county associations.
We currently rely on the Data Protection Act (DPA) 1998. However, data and technology has changed dramatically over the last 20 years and GDPR will supersede the DPA. The basic principles remain in place and continue to provide the basis for the way people’s data is managed:
- Data must be used fairly and lawfully
- Used for limited, specifically stated purposes
- Used in a way that is adequate, relevant and not excessive
- Accurate and kept for no longer than is necessary
- Handled according to people’s data protection rights
- Kept safe and secure
- Not transferred outside the European Economic Area without adequate protection.
Aims of GDPR
GDPR is the result of work by the European Union (EU) to bring data protection legislation in line with changes in the way data is used. GDPR is intended to extend additional protection for individuals and their data, providing greater transparency and control over where their data is saved and used. If your sports club or association holds the personal data (i.e. information that identifies a living individual) about a number of individuals including employees, members, volunteers, athletes, coaches and others, then you need to be aware of the General Data Protection Regulation (‘GDPR’).
The GDPR will come into place in all EU member states from 25 May 2018. GDPR will apply automatically as it is a regulation, not a directive.
The video on the Club Solutions Data Protection page offers a basic explanation of what GDPR is and how it will affect you.
Sport and Recreation Alliance provide a free GDPR toolkit for clubs and county associations.