GDPR for Jog Leaders
The General Data Protection Regulation (GDPR) comes into force on 25 May 2018. This is a new piece of data protection legislation that governs the way people’s data can be stored and used.
This affects you if you store any data about your joggers, for example, if:
- Your phone or computer contains phone numbers or email addresses for jog members
- You have old PARQs, or the information from them, stored somewhere
- You have any member information stored anywhere, whether digitally or on paper
- You pass member information to other people/organisations, e.g. leisure trusts, gyms etc.
Making sure you comply with GDPR doesn’t need to be onerous, but with the potential for significant fines if it is not adhered to, it is important that you give it some thought.
We’ve put together a document, GDPR guidance for Jog Leaders, to help you make sure you’re GDPR-ready. Please take time to have a read and take any action that you need to.
For further guidance on the implications of GDPR for your group please read the GDPR – club briefing paper prepared by Harper Macleod LLP, on behalf of sportscotland, to support sports clubs.
Harper Macleod LLP have also prepared a number of resources to support sports clubs in preparing for the implementation of GDPR. All these resources will also be useful for jogging groups. The resources will be e-mailed to all Jog Leaders so in the first instance please approach your Jog Leader for access to the templates. If you require the templates to be sent to you then please e-mail firstname.lastname@example.org.
When does the GDPR come into effect?
The GDPR will apply from 25 May 2018.
What does our group need to do in preparation for GDPR?
Firstly, the group needs to read the briefing paper prepared by Harper Macleod LLP for sports clubs in Scotland. In summary, you need to review all the information you hold and your reasons for holding it, identify the lawful basis for collecting and storing that information, prepare a privacy notice (or notices, where applicable), identify a process and accountability for monitoring compliance within your group, and ensure all individuals managing data in your group are fully aware of the GDPR and its requirements.
What are the implications for failing to comply with GDPR?
Organisations can be fined up to 4% of annual global turnover and there is a tiered approach to fines. Whilst fines are relative to the size of your business, it is important to ensure you are fully compliant to safeguard your group against data protection breaches.
What do we do if there is a breach?
Any personal data breaches should be reported to the ICO within 72 hours of becoming aware of the breach. Further information on personal data breaches, including how to avoid a breach and how to report a breach, can be found here. When any breach is reported, whether by the organisation itself or by an individual or other party, the group may be required to show what steps it has taken to manage data safely and in line with GDPR. This is why it is extremely important you take the time to review the briefing paper and prepare accordingly.