A summary for Clubs on GDPR
We are not in a position to offer direct advice on legal, commercial or financial matters, however this summary document has been created to highlight the areas clubs may have to address.
Information Commissioners Office (ICO) Guidance
There is a raft of information available online about GDPR however not all of it is reliable. We recommend viewing information online via the UK’s independent authority, Information Commissioner’s Office. They have also set up a hotline for small businesses which you can reach by phoning 0303 123 1113 and selecting option 4.
The ECB has produced a number of guidance documents and templates for clubs to use:Top tips for GDPR compliance GDPR FAQs Adult membership form Junior membership form
Practical things for clubs to do
Essentially, if you've identified that you are going to be collecting personal data then you need to understand and document the lawful process for you doing so before you process it. There are seven lawful processes under GDPR which are all listed on the GDPR website. The lawful process for you processing data will be documented in your privacy notice which needs to go out at the point of collecting data.
The most common collection of data for a club will be in the form of collecting membership data. In this instance, we would strongly recommend clubs using the templates provided above, as they also contain template privacy notices which outline your lawful reason for collecting data.
Other pratical things to do would be to consider:
- How much old data you hold and is it necessary for you to still old that data
- How you share data between club officers - e.g. encrypting spreadsheets