General Data Protection Regulation 2018 (GDPR)
Baslow Bowls Club (BBC) Policy and Action Plan
Given the recent coverage of data breaches involving Facebook and other large organisations, it is appropriate that tough new data protection regulations are to be introduced. They will take effect from 25 May 2018. The regulations apply to multi-national corporations but they also apply to small organisations like Baslow Bowls Club. Data is any information we hold about club members such as name, addresses, email addresses etc. The new regulations require that we tell members about what we hold and what we do with that information.
1. Awareness
The BBC committee as the nominated decision makers of the club, needs to make sure that they are aware of the changing legislation and the impact this is likely to have.
Actions
a) Hold a GDPR Committee meeting to ensure all the Committee members are briefed on the principles of the legislation and include it as an agenda item for forthcoming meetings.
b) Make members aware of the legislation using bulletins, events, AGM, website, newsletters etc.
c) Include a privacy notice/consent form on the membership form for 2018 and include on membership form for 2019.
2. Information the club holds
The BBC Committee needs to document what personal data is held, where it came from, who we share it with and how long we keep it. BBC also needs to have a process for asking for and recording consent.
Actions
a) Member information, name, address, email addresses and telephone numbers are gathered via the annual membership form. We need to inform members about what information we hold, how we use it (including how we share it) and how long we keep it. We will do this by email and ask each member to reply with informed consent. Members not on email will be written to by hard copy and asked to send a reply by hard copy. The Secretary will hold this information.
b) The above information is shared with all club members in the;
I. annual members details list
II. round robin emails to communicate club information
III. those who play in league matches, name and BCGA number only
IV. county BCGA annual return, name and BCGA number only
V. Baslow Sports Field CIO members database
VI. Club secretary divulges telephone numbers of team captains to opponent team captains on request
c) We will include information to this effect on the Membership Form 2019.
d) When a member leaves the club, their information will be deleted from the clubs records immediately.
3. Communicating privacy information
The BBC committee need to have a plan in place to review our current privacy notices and make any necessary changes in time for GDPR implementation in May 2018.
Actions
a) Include a privacy notice on membership form 2019 and devise a consent form for members to complete.
4. Individual Rights
The BBC committee need to check procedures to ensure they cover all the rights individuals have.
Actions
a) If a member asks for their data to be deleted we shall remove it from everywhere it is held.
5. Members Request for Information BBC holds on them
Individuals have the right to ask what information is held on them. The BBC Committee needs a procedure to deal with this.
Actions
a) If a member requests the information which is held on them, a request must be made to the club Secretary who will comply within the statutory one month.
6. How we use Members Personal Information
The BBC Committee needs to identify how member’s personal information is used.
Actions
a) We will review the information we hold and how it is currently used.
I. From 2018 the membership details list will only contain name, telephone numbers and email addresses.
b) We will explain to members how their information is used in the privacy policy included on the membership form and the consent form sent to members in April 2018.
7. Members Consent
The BBC Committee needs a process to obtain the consent of members to hold their data and a process on how we record it.
a) We will devise a consent form and circulate to all members and ask for a reply.
b) In 2019 we will change our Membership Form to reflect the changes to the legislation.
c) We will retain this information in a safe place.
8. Children
The club does not have any members under the age of 18 so this area of the regulation does not apply to BBC. If this changes we would have to review the policy.
9. Data Breaches
The BBC Committee needs a procedure in place to deal with a data breach.
Actions
a) Inform any individuals involved
b) Change any passwords
c) Inform the Information Commissioners Office
d) Seek further advice where necessary
10. Data Protection Officer
The BBC Committee should decide whether or not an officer is necessary and if so, who that should be.
Appendix A
Baslow Bowls Club – General Data Protection Regulation Consent Form
Given the recent coverage of data breaches involving Facebook and other large organisations, it is appropriate that tough new data protection regulations are to be introduced. They will take effect from 25 May 2018. The regulations apply to multi-national corporations but they also apply to small organisations like Baslow Bowls Club. Data is any information we hold about club members such as name, addresses, and email addresses. The new regulations require that we tell members about what we hold and what we do with your information.
- What information we hold on you
Name, address, email address, telephone numbers (landline and mobile), and BCGA numbers.
- Where it is held
Secretary’s local database and on membership forms (hard copy).
- Where it is shared
I. to all members via the annual members details list
II. round robin emails to communicate club information
III. for those who play in league matches, name and BCGA number only
IV. county BCGA annual return, name and BCGA number only
V. Baslow Sports Field CIO members secure database name, email and telephone numbers
VI. Club secretary divulges telephone numbers of team captains to opponent team captains on request
- How long we hold your information
Information will be held for the current season and deleted when you are no longer a member. We never share your information with any other organisation other than those listed above.
If you agree for Baslow Bowls Club to retain and use your information as set out above please sign, date and return to John Watts in hard copy format.
Signed ________________________________ Date _______________________
if you do not agree for Baslow Bowls Club to retain and use your information as set out above please sign, date and return to John Watts in hard copy format. Please note that if you do not agree, we will not be able to invite you to renew your membership or communicate club news to you.
Signed ________________________________ Date ______________________
To download the form to sign and return click the link below.