Policy to comply with the General Data Protection Regulation(GDPR)
Messingham Bowls Club’s General Data Protection Regulations Policy sets out its commitment to protecting personal data and how we implement that commitment with regards to the collection and use of personal data. Messingham Bowls Club (the Club) is committed to ensuring that it complies with the General Data Protection Regulations principles, as listed below:
- • Meet its legal obligations as laid down by the General Data Protection Regulations.
- • Ensure that data is collected and used fairly and lawfully.
- • Process personal data only in order to meet its operational needs or fulfil its legal requirements.
- • Take steps to ensure that personal data is up to date and accurate.
- • Establish appropriate retention periods for personal data.
- • Provide members with access to their personal information upon request.
- • Abide by article 15,of the Act granting members the right to have their personal information erased.
- • Provide adequate security measures to protect personal data.
- • Ensure Computer Security Software is current.
- • Ensure computers containing personnel information have their passwords changed on a regular basis.
- • Ensure that a nominated member is responsible for data protection compliance and provides a point of contact for all data protection issues.
- • Ensure that all members are made aware of good practice in data protection.
- • Provide adequate training for all members responsible for personal data.
- • Ensure that queries about data protection, internal and external to the Club, are dealt with effectively and promptly.
- • Regularly review data protection procedures and guidelines within the Club.
- • Ensure that everyone handling personal data knows where to find further guidance.
Personal Data is any data which may be used to identify, contact or locate a single person. The Club holds for all members their name, address, post code, home and, where known, mobile /home phone number, as well as email addresses. This information is held on personal computers by those club officials with the need to process such information, principally the Treasurer and Club Secretary. Information on date of birth is held only for Junior members.
Where members have declared a disability, this information is held in hard copy form.
No financial information (e.g. Bank details) is held by the club.
The only personal information shared is that relevant information required by other Bowling Associations or organisations to which the Club is affiliated, and is needed by those Associations or organisations in order that they can inform other affiliated members of, for example, selection for Association matches, participation in competitions, maintenance of a register of affiliated members for insurance and other benefit purposes.
Anyone who has their personal data held by the Club has the right to access, view and erase this data. A subject Access Request (Article 15) grants every citizen the right to a copy of all their personal data held by the Club. Messingham Bowls Club will provide this information in an electronically transportable format usable by the individual requesting the information. The Right to be Forgotten (Article 16 &17) entitles individuals to have this data erased.
The Club understands that failure to fulfil this entitlement will be a violation of GDPR and subject to penalties.
In the event of a data breach posing any kind of threat to members personal information, the Club will inform the affected individuals within 72 hours.