Data protection guidance for clubs25 May 2018
The General Data Protection Regulation (GDPR) came into effect on 25 May 2018. GDPR replaces the old Data Protection Act 1998 (DPA).
Although many of the GDPR’s main concepts and principles are much the same as those under the DPA, there are a number of changes for clubs to consider.
Sport England recently commissioned the Sport and Recreation Alliance to lead a project to help support the sport sector meet the legislative requirements of GDPR.
Head to the Sport and Recreation Alliance Website to access further guidance documents and FAQs created from questions raised in other sports. Below are some further FAQs we have following workshops held at last years Council and AGM.
Frequently Asked Questions
Yes, clubs should obtain consent for the clubs use any photo of a member. A photograph of an individual does amount to personal data. Wavepower includes template consent forms for clubs to use for collecting consent on behalf of children. However, we recognise practical difficulties when clubs attend away events. Where an event organiser is capturing images or filming an event it may not be possible to obtain consent from all participants.A good practice approach would be to ensure that invited clubs are advised as early as possible of any filming or photography taking place so that they can then raise any concerns with the home club/event organiser and work together to address any concerns.
As well as official photographers, friends and family of children may wish to take photos to celebrate their sporting achievements. If photography is allowed in venue then those taking photos of children should focus on their own family members and friends and if other individuals are identifiable from those images then they should not be shared on social media without permission of the other identifiable individual(s).
There are also a range of guidance documents on the Information Commissioners Office (ICO) website.
The ICO is the regulator for data protection and have issued the following statement:
To small and micro businesses, clubs and associations who are not quite there, I say … don’t panic! As the new ICO Regulatory Action Policy, out for consultation very shortly, sets out, we pride ourselves on being a fair and proportionate regulator.
That will continue under the GDPR. The 25 May is not the end of anything. It is the beginning, and the important thing is to take concrete steps to implement your new responsibilities — to better protect customer data. My office has lots of resources to help you do that.