GDPR – FAQ1 - GENERAL
Q: What is this GDPR?
A: GDPR stands for General Data Protection Regulation. This is a regulation instrument approved by European Union member states and the European Parliament, taking effect EU-wide on 25th May 2018. The UK Government is currently (mid-April 2018) progressing a Bill through the UK Parliament which will consolidate GDPR into British law and add some UK bells and whistles. The GDPR should in principle rest intact. GDPR is very likely to remain imbedded in UK Data Protection law once Brexit is consummated, but that is only a reasonable expectation at this stage.
Nonetheless since GDPR will have a significant impact on companies inside the EU, and also affect companies exporting to the EU, there are forecasts that it will become the world standard.
Q: And that other ‘thingmy’ – the ICO?
A: Even before GDPR was developed at the European level, the UK like many other countries, had basic Data Protection/Privacy legislation, and thus a Regulator to lead and educate the public and also act on complaints. The ICO (Information Commissioner’s Office) is the UK’s independent authority set up some years ago to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
Q: What do I as a SBU member, club, district or SBU official need to know about GDPR?
A: Three major things.
(i) the intent of the GDPR is to “give back control” of EU citizens’ data to the citizens themselves.
So, officials should not view club membership data as data belonging to the club, the data belongs to the individual players, and thus any official or the organisation involved has to have solid legal reasons why you handle and store it.
(ii) member/player’s data belong to the players themselves; that means that a club secretary for example has to handle it carefully, have adequate security practices and need to explain to club members what it is used for, and who else you allow to see or use it.
(iii) The more sensitive the data you collect from members, the more risk there is and thus the more care is needed. One way therefore to reduce risk and workload, is to reduce the amount of data you hold per player, and above all try not to hold sensitive data. Holding data such as names and addresses, telephone numbers, email addresses is less onerous than holding credit card numbers, DoB, etc.
Keep it simple.
Q: Should I as a club officer worry?
A: The short answer is … not really. The longer answer goes like this ….
No one is going to be thrown into jail or have a large fine levied in our sort of environment, but it is still highly advisable to be prepared and thus there are things to be done in the coming months.
See later …
Q: This is all too complicated, just tell me as a club official what do I have to do.
A: Not so much, but best look at the guidance in the Club/District GDPR section on the SBU website.
In particular you need to look closely at your initial club registration/application form.
Q: As club Secretary I do not have a computer, I keep my member records in a shoe box, with one “bristol card” per member, suits me, works fine. So I do not need to worry about this at all, right?
A: Sorry, NO. You are still holding your members’ data, so you are still in the loop. But yes, you do have much less concern because there is little or no technology risk involved. Remember you are the custodian of personal data/information which does not belong to you - if you do not want to annoy your club members, look after it.