GDPR – useful documents for Jog Leaders
From 25 May 2018, the GDPR (General Data Protection Regulation) comes into force, governing how organisations – including jog groups – gather and use personal data. This page walks you through the steps you need to take, including useful downloadable documents.
This is a legal requirement if you gather and keep any personal information about your jog members – this could include PARQs, phone numbers, email addresses, and any other details, particularly if they are stored digitally (including on mobile phones). The GDPR is concerned mainly with electronic data, but also covers paper filing systems if they allow information to be picked out regarding specific criteria – to be safe, you may wish to apply the principles of the GDPR to both digital and paper records you keep.
To begin with, you may like to read this briefing paper prepared by sportscotland for sports clubs, which gives a good overview of what GDPR involves.
Keys steps you need to take:
1. Review all the personal data held by your group/leaders, and what it is used for. You can use this Data Retention Review Template to help you.
2. Use your data retention review template to create a privacy notice for your group. We currently have a template for this available for athletics clubs, which you are welcome to use: Privacy Notice – Template. Because it is designed for clubs, it may be a little more complex than most jogscotland groups need, so we also have an example Privacy Notice, prepared for jogscotland Penicuik, to show you what your own version might look like: Privacy Notice – Example.
3. Send or provide a copy of your privacy notice to all your existing members.
4. Adapt any forms that you use to gather personal data from new members to reference your privacy notice and either display the privacy notice on your website (and provide a link to new members), or issue them a copy to read, or email it to them. We have created an updated version of the PARQ (physical activity readiness questionnaire) which demonstrates how to reference your privacy notice on forms etc. Please download and use these PARQs in future: PARQ updated May 2018 (also: PARQ new and expectant mums updated May 2018)
5. Make sure everyone in your group who has access to personal data has a basic understanding of GDPR and the group’s obligations. We will be sending a link to this page to all Jog Leaders, so everyone should be aware, but please check everyone is informed, and discuss it between you.
6. Review your data security – for example, ensure any phones which contain member contact details are passcode-protected; password protect any spreadsheets containing personal details and only share the password with people who need access; create group-specific email accounts to limit the use of personal email addresses for group leaders.