The General Data Protection Regulations (GDPR) came into force on 25 May 2018. These regulations apply to any organisation, including small sport and social clubs which collect, retain and use personal information which is defined as any information about any living person. The regulations apply equally in respect of paper records and information held electronically.
The Office of Information Commissioners are responsible for overseeing and enforcing the regulations and can impose severe fines in the case of serious data breeches. Non compliance is simply not an option.
Currently, with the exception of a few long standing members, the club holds limited information on all members. This basic information includes names, addresses, email addresses, contact telephone numbers, dates of birth, emergency contact details, and can include brief details of relevant medical conditions as provided on membership application forms. Club bank statements will also include bank account details of members who have paid their club subscriptions electronically.
The club have never disclosed member’s personal information to third parties for marketing or other purposes, nor is it likely that we would do so in the future except with the expressed consent of the member. We have however circulated information to members about promotions by or offers from our official club sponsor, JE James Cycles Ltd and from British Cycling.
The club committee have reviewed our use and management of information and have implemented several changes:
- We have produced a RWCC privacy policy which explains how we use member’s personal information, our reasons and the legal basis for doing so, subject’s rights in respect of their data and who to contact in the event of concern or complaint. The privacy policy is available by clicking on the drop down menu on the HOME page on the club website.
- We have amended our membership application form to include consent boxes in respect of a member’s wish to receive marketing information by email, SMS or post. The form has also been amended to include a consent box in respect of member’s photographs or video imagery which the club may wish to use for promotional purposes.
- The membership application form has also been amended to include a parental consent section in respect of junior members.
- Information held electronically will no longer be retained on the personal computer systems of committee members but will instead be stored in encrypted format on password protected memory sticks. Electronic back up records and paper records will be held under appropriate security.
- When circulating information to members by email, committee members will use the BCC facility in order to protect member’s private email addresses.
In order for the club to comply with GDPR requirements in respect of circulation of marketing information by email, SMS or post and use of member’s photographs or video images it will be necessary for each member (including life, second claim and junior members) to complete a copy of the amended membership application form which is available by clicking on the ‘download’ button at the bottom left corner of the HOME page on the club website. Members are asked to forward their completed forms to me without delay.
Members with any concerns or questions regarding GDPR or the club’s use of personal information should contact me.