CCS GENERAL DATA PROTECTION REGULATION (GDPR) POLICY JULY 2018
The General Data Protection Regulation (GDPR) forms part of the data protection regime in the UK, together with the new Data Protection Act 2018 (DPA 2018). The main provisions of this apply, like the GDPR, from 25 May 2018. Organisations that hold data on individuals need to formulate policies to take account of the Regulation and the Act.
The only personal data on members held by CCS is that provided on membership application forms;
Phone number (home/mobile)
Age – to enable age-related time trial results to be compiled
This data may be held for up to three years.
The membership application form contains a tick-box for members to opt in to having their information held, worded as follows;
“Agree to storage of personal data; Data Protection Act and General Data Protection Regulation
Personal data provided to CCS will be used for administration of membership, and distribution of information on Club activities. It will not be divulged to outside organisations or individuals. E-mail addresses may be divulged to other members. Committee members’ details may appear on the website. Data may be held for 3 years.”
This membership data is held by the membership secretary on a password protected electronic device, and may be issued electronically to committee members, ride co-ordinators, welfare officer and the Spindle editor on a regular basis. They may also hold the data on password protected electronic devices. This is to enable them to administer membership records and communicate with members either collectively or individually. Committee members may hold paper copies of data provided they are stored securely, again for no longer than 3 years, and then destroyed by shredding or burning.
The membership data for Junior members may also be held by coaches on a password protected electronic device, to enable them to administer membership and communicate with Junior members either collectively or individually. If they hold paper copies of data they are to be stored securely, again for no longer than 3 years, and then destroyed by shredding or burning.
No information is to be disclosed to outside organisations or individuals, other than committee members, coaches’ and welfare officer’s phone numbers, which will appear on the website and in the CCS Handbook.
COMMITTEE MEMBERS, RIDE CO-ORDINATORS, COACHES, WELFARE OFFICER AND SPINDLE EDITOR
Only store membership data on a password protected electronic device; delete this data after it’s been held for 3 years, or earlier.
If copies are printed, store them securely, and destroy by shredding or burning after 3 years, or earlier.
Do not divulge membership information to outside organisations or individuals.
If sending out group e-mails, address the e-mail to yourself, with the group addressees as BCC.
Members may request to see the data held on them by CCS (a ‘subject access request’); contact the membership secretary.