General Data Protection Regulation
This briefing has been created to help you understand the basics of the General Data Protection Regulation (GDPR) and how we are taking this into consideration when we collect and manage personal data. We also hope that it will help you to consider what changes may be required by you, as members, clubs and leagues.
What is GDPR?
Prior to the 25th May 2018, we relied on the Data Protection Act (DPA) 1998. However, data and technology has changed dramatically over the last 20 years and GDPR will supersede the DPA. The GDPR will come into place in all EU member states from 25 May 2018. It will apply automatically as it is a regulation, not a directive.
Aims of GDPR
GDPR is the result of work by the European Union (EU) to bring data protection legislation in line with changes in the way data is used. GDPR is intended to extend additional protection for individuals and their data, providing greater transparency and control over where their data is saved and used. If the National Governing Body, club or league holds the personal data about employees, members, volunteers, athletes, coaches and others, then you need to be aware of GDPR.
GDPR applies to all organisations whether you have staff or volunteers, or whether you have 10 members or 1000 members. It is important that you are shown to be working proactively towards GDPR compliance and that you have a plan to deliver it. It is those who have undertaken no work/ ignored it that could potentially have a problem
What is Personal Data?
Personal data is information about an individual such as name, address, phone number, email etc. If you are collecting ‘special category data’ including: race, ethnicity, religion, sexual orientation, health status then this requires more consideration on why it is being collected and how it will be kept safe.
Principles of GDPR
The basic principles remain in place and continue to provide the basis for the way people’s data is managed:
- Data must be used fairly and lawfully
- Used for limited, specifically stated purposes
- Used in a way that is adequate, relevant and not excessive
- Accurate and kept for no longer than is necessary
- Handled according to people’s data protection rights
- Kept safe and secure
- Not transferred outside the European Economic Area without adequate protection.
Table Tennis Wales GDPR Review
Table Tennis Wales is taking steps to review processes and procedures and has received training in this area from the GDPR Alliance. Further information on these will be published shortly.
The Welsh Sports Association has worked with Geldards Solictors to develop a set of helpful videos to explain GDPR. You can view one of these on the following link Club Solutions
The Information Commissioners Office have developed the following GDPR resource: GDPR 12 steps to Take Now
We will continue to add helpful templates and tools to this section when they become available so please check it regularly for any updates.
Welsh Sports Association
Table Tennis Wales has a multi use access membership with the Welsh Sports Association so that our clubs and leagues can access their help and support. If you would like to access the GDPR training videos and template policies then please contact the WSA to set up a username and password:
Telephone: 029 2033 4972
Sport and Recreation Alliance
The Sport and Recreation Alliance has provided free guidance for clubs on GDPR and some of their templates can be accessed below- please carefully read the guidance on their website before you use them GDPR toolkit