Croquet England Logo

Data Protection - A Further Update for Clubs


Introduction

This is an update to the article in the December 2017 issue of the Croquet Gazette, which outlined the GDPR impact on clubs (General Data Protection Regulation) when it comes into force on 25th May 2018.

Registration and Data Protection Fee

One of the changes that GDPR makes is that Data Controllers no longer need to register with the Information Commissioner's Office (ICO) (though in practice typical croquet clubs were exempt from doing so). However, draft legislation is before parliament to introduce a "data protection fee", to support the Commissioner in the style to which she has become accustomed. The good news is that, according to an article on the ICO website, it appears that most croquet clubs will also be exempt from this if they:

There is also an exemption for "core business purposes" such as:

Individuals are exempt from paying a fee if the only information they process is for personal, family or household affairs that have no connection to any commercial or professional activity. Personal, family or household affairs' includes recreational activities and the capturing of images that contain personal data, even if they are captured in a public space.

What Clubs Should Do

Even if you are exempt from paying the fee, you are still required to abide by the regulations. I think the most important things for clubs to do are:

Further Information

The Information Commissioner's website has a wealth of information at ico.org.uk. The Sport and Recreation Alliance have been commissioned to provide advice to the sector, but I suspect this is still being developed. The Sport England "Club Matters" website (see the separate article by Dave Gunn in the April 2018 Gazette) is also advertising a podcast on this topic.

Conclusion

Like Y2K, there has been a lot of talk and publicity about this, and not a little FUD (Fear, Uncertainty and Doubt). Unlike Y2K, GDPR will have a more lasting impact, but the message I've been getting is that small organisations have little to fear provided that they take sensible, proportionate, steps to comply and keep their members sweet. The ICO is only likely to come down heavily on large organisations, or those who wilfully continue to breach the regulations after a complaint.