General Data Protection Regulation (GDPR)
The EU General Data Protection Regulation (GDPR) will come into force from 25 May 2018, when it replaces the current UK Data Protection Act 1998. This regulation significantly increases the obligations and responsibilities for all organisations and business in how they collect, use and protect personal data. It expands the rights of individuals to control how their personal information is collected and processed, and places a range of new obligations on organisations to be more accountable for data protection.
Golf clubs will process individual personal data in nearly all their activities. This includes data about employees, volunteers, players, members, website/app users and more. It is important that each Golf Club is fully transparent about how they are using and safeguarding personal data and can demonstrate accountability for their data processing activities.
If you hold information that could be used to identify a living individual (such as contact details sent in via a Membership Application Form, booking enquiries sent via a website or transaction details recorded in the club shop) then you will need to consider the impact of data protection legislation on how you handle that information – this will be different from club to club.
Guidance for Clubs
In partnership with Harper Macleod LLP (legal partners) sportscotland have produced the briefing paper below which provides an overview about what compliance should look like at your club. Included in the briefing paper is a Five-Step Action Plan for Clubs which outlines the steps in which you should take to comply with the new regulations.
For further support and access to templates to help your club comply with the new GDPR regulations please get in touch with your Regional Club Development Officer:
Please also refer to the International Commissioner’s Office (ICO) website for further information and can be accessed via the link below.