Bowls Northumberland Policy to comply with the General Data Protection Regulation (GDPR)
Bowls Northumberland’s General Data Protection Regulations Policy sets out its commitment to protecting personal data and how we implement that commitment with regards to the collection and use of personal data. Bowls Northumberland (the County) is committed to ensuring that it complies with the General Data Protection Regulations principles, as listed below:
~ Meet its legal obligations as laid down by the General Data Protection Regulations.
~ Ensure that data is collected and used fairly and lawfully.
~ Process personal data only in order to meet its operational needs or fulfil its legal requirements.
~ Take steps to ensure that personal data is up to date and accurate.
~ Establish appropriate retention periods for personal data.
~ Provide members with access to their personal information upon request.
~ Abide by Article 15, granting members the right to have their personal information erased.
~ Provide adequate security measures to protect personal data.
~ Ensure Computer Security Software is current.
~ Ensure computers containing personnel information have their passwords changed on a regular basis
~ Ensure that a nominated member is responsible for data protection compliance and provides a point of contact for all data protection issues.
~ Ensure that all members are made aware of good practice in data protection.
~ Provide adequate training for all members responsible for personal data.
~ Ensure that queries about data protection, internal and external to the County, are dealt with effectively and promptly.
~ Regularly review data protection procedures and guidelines within the County.
~ Ensure that everyone handling personal data knows where to find further guidance. Data Protection
Personal Data is any data which may be used to identify, contact or locate a single person. Data is held as follows:
• The County Secretary holds for all County Officers and Executive Members their name, address, post code, home and, where known, mobile phone number, as well as email addresses.
• The Membership and Yearbook Secretary holds for all clubs, the name, address, post code, home and where known. mobile phone number as well as the email address for the club’s official point of contact. In addition, for Club Officers, whose names appear on the Questionnaire submitted by clubs, details are held of their name, home phone and where given mobile number and email address
• The Treasurer holds email addresses and phone numbers of individuals to whom he makes payments. He holds no financial data on individuals
• Those officers involved with Junior Players hold such detailed information as is required under Safeguarding Legislation and supplied by parents
• Other Officers hold email addresses and phone numbers of individual club members to allow them to make contact for the running of competitions, selection of teams etc.
This information is held principally on personal computers which have up to date security software although some records may be hard copy. No financial information on members (e.g. Bank details) is held by the County although, where members have provided details of their Bank account, for the purposes of receiving BACS payments, that information is held within the Bank’s own system accessible only by authorised Officers
Personal information shared is that relevant information required by club members to participate in competitions, play matches etc. Information is also shared with other Bowling Associations or organisations to which the County is affiliated where it is needed by those Associations or organisations in order that they can inform players of competition arrangements, selection for Association games etc.
Anyone who has their personal data held by the County has the right to access, view and erase this data. A subject Access Request (Article 15) grants every citizen the right to a copy of all their personal data held by the County. Bowls Northumberland will provide this information in an electronically transportable format usable by the individual requesting the information. The Right to be Forgotten (Article 16 &17) entitles individuals to have this data erased. The County understands that failure to fulfil this entitlement will be a violation of GDPR and subject to penalties.
In the event of a data breach posing any kind of threat to members personal information, the County will inform the affected individuals within 72 hours.