GDPR - the General Data Protection Regulations

The General Data Protection Regulations come into force on 25th May 2018.  The Regulations seek to provide protection of individuals' data and puts the onus on data holders to hold it legitimately, accurately and securely.

Various senior members of the Club have attended conferences or investigated this and as a result we (and all clubs and businesses) are reviewing our data handling processes.

Why does Weybridge RC hold data?

We hold data on members to enable us to manage the club's business and financial affairs, to arrange coaching and training sessions, to keep in touch and liaise with members and to provide information to the National Governing Body, British Rowing.

What we don't do

We will not sell the data nor allow it to be used for other reasons, as a sales tool etc.

What data does the Junior section hold?

We hold information such as the member's name, date of birth (so we can manage age group related activities), phone number and email (if given), parental and emergency contact information (phone, email), home address, school, medical (for safety reasons), and the date of a capsize drill.

If the junior goes away on a training camp we may need additional data, although very often the data we request is the same as we already have, but it is gathered in a different file and we need to ensure it is up to date.  Some data, such as a passport number, may be held for the duration of the camp only.

We will also have share some data with outside persons, such as to inform an accommodation provider or restaurant that some members are vegetarian or have allergies.

Where is the data held?

The data is presently held on personal computers, password protected, and some will be on Googledocs.  Google has registered Googledocs as being GDPR compliant and our intention is that all Weybridge Rowing Club data will be migrated to the Googledocs platform under password protection, and deleted from individual computers.  In undertaking this migration we anticipate simply deleting many files which contain historical content.

British Rowing are working on a GDPR compliant membership system and we are part of their trial.  Lets see what they produce.

So, talking of historical content ....

Yes we do have lists of past members.  We will be reviewing what data we need to keep, if indeed we need to keep any at all.  It is rarely used - the last time was when Jon Beagley died and we used historical data to advise of arrangements.  It seems a shame to just delete all our past members as they were a valued part of our history, whether recent or some time ago.

If I want my data deleted, what do I do?

Simply email clive[at]wrcjnr.com and I'll delete it.  No problem.  Unless you're a current member in which case it is a problem!

Can consent be assumed?

Yes, according to the speakers we've heard, consent can be assumed.  If people provide data to a club they must reasonably assume that the data will be used.  It's how it's used and where it's held that is being tightened up.

There is also something called 'legitimate interests' - which essentially says that if you need the data to provide a service to the member and you can't do it without the member's data, explicit consent can be assumed.   It's fairly obvious that if (for example) a phone number needs to be held so that a parent can be contacted in event of an emergency - it's necessary to hold it.  Similarly if parents &/or members are expecting communications about events, training etc an email address is the best way of achieving the communication.

However, this is a bit of a grey area, so we will almost certainly be asking for detailed specific consent in writing at some stage soon, according to advice from the Information Commissioners' Office.

Can I talk to someone about this?

Yes, you can talk to me - but I'm not an expert.  And you can't have my phone number because it's personal data!  But my 'work' email address is above ...

I hope this is of help.

Clive Capel
Junior coordinator
Weybridge Rowing Club
Comments