What is the General Data Protection Regulation (GDPR)?
The General Data Protection Regulation (GDPR) is a regulation in EU law that governs data protection and privacy of all individuals within the European Union (EU). GDPR will become law in the UK too as the Data Protection Bill comes into effect on 25 May 2018.
What does it mean by personal data?
Personal data is any information whatsoever that can identify a living person who is in the EU or in the UK and falls under GDPR. A few examples might be their name, address, age, email, allergies or a photo.
What is the difference between a controller and a processor?
A ‘Controller’ is a company/organisation that collects personal data and chooses how to store and use it. A sports club that collects personal data on its membership and decides how it will be processed must abide by the rules within GDPR.
A ‘Processor’ assists a controller by processing personal data; they are a third party who might store the information (Pitchero is a Processor in the case of clubs using their website platform) but crucially, don’t decide how it is used.
What does consent mean for our sports club?
Consent is the term used to describe explicit permission given to a sports club for them to collect, store and use personal data for the purposes of their administration. Whenever a club collects personal data, it must be after a person has ‘opted in’ by ticking boxes in an online form or signing a document. Pre-ticked boxes or assuming consent are no longer acceptable. Consent can also be withdrawn at any time.
What is a subject access request?
An individual can make a ‘subject access request’ to a sports club (or any organisation holding their personal data) verbally or in writing. Under GDPR, individuals can ask to see a copy of all of the information an organisation holds about them, and a sports club has to provide that, in a convenient, readable format, within a month.
How important is data security under GDPR?
A sports club must take all reasonable steps it can to not only justify why it’s collecting and using personal data but also to keep that information as secure as possible. The Pitchero website platform runs in Amazon Web Services (AWS) data centres. AWS offers the highest standards of security compliance so clubs can have peace of mind on that front.
Sports clubs should think about personal data held offline and how to better protect it, as well as encrypting any electronic devices and any data sent electronically. Update passwords and review how your club currently operates regarding data security.
What support can you get from Pitchero?
Why not start with the GDPR resources and have a read of the GDPR blog articles for the latest advice? Pitchero has introduced a means for clubs to include their privacy and data protection policies. In Account > Settings, there are new privacy settings for each user to amend easily at any time and any Email Preferences changes now update in real-time.