Camberley and District Club comply with the Government GDPR Framework. We cover the following areas in respect of the data we hold on members and organisations that we deal with:
• We map how our data is collected, stored, transferred and retained
• We list all data processing activities we undertake
• We identify risks and we do not share our data with any third party
When a club member joins or renews his/her membership and provides their details, these are recorded as physical records at the Club and the member’s details are loaded onto the Club Web Site. With the addition of a password, this allows members to access the secure “members only” area.
GDPR is an important change in government legislation regarding data protection and stands for The General Data Protection Regulation. It came into effect on 25 May 2018 and effectively provides an update to the Data Protection Act, bringing in new requirements and increasing the penalties for breaches.
The GDPR applies to any “data controllers” or “data processors”. Those are technical terms but, in essence, when we collect any personal data in running CADS, then the GDPR will apply to us.
The principles of data protection are to ensure that with regard to personal data:
• we process it securely
• it is updated regularly and accurately
• it is limited to what the club needs
• it is used only for the purpose for which it is collected
• Processing of membership forms and payments
• Sharing data with committee members to provide information about club activities, membership renewals or invitation to social events
• Web Site management
Subject access requests (requests for copies of personal data from individual club members) will be responded to within one calendar month. A log will be kept of all requests and replies.
We retain the data on all current members and for 1 year after members resign.
We have 72 hours from being aware of a breach to report it to the ICO. Under the Data Protection Act there are no obligations to report breaches. For example, if we hold the membership data on a laptop that is not encrypted and it gets stolen, the data is now at risk and a breach would have to be reported. We have established that all data is held securely.
One of the principles of the Data Protection Act 1998 (and the GDPR) is that we can only process data for the purpose for which it is collected. This means that when we collect a name and contact details of an individual, so that they can become a member, we do not use that information to allow other bodies to contact them.
When individuals provide us with their details, we explain what we will do with their information.
This applies to data that is held digitally and to the physical records we also keep on club membership.
The Committee recently reviewed our filing systems to limit the amount of paperwork we have to manage. Personal data that has been previously collected manually and stored in files as a hard copy has been managed in accordance with the data protection regulations.