HOW WE PROTECT YOUR DATA
The General Data Protection Regulations, or GDPR, came into force May 25th, 2018. The Regulations seek to provide protection of individuals' data and puts the onus on data holders to hold it legitimately, accurately and securely. Various senior members of the Club have investigated what is required, and as a result, we (along with all clubs and businesses) have reviewed and improved our data handling processes, continually seeking input and ways to improve and ensure compliance.
WHY WE HOLD DATA
We hold data on members to enable us to manage the Club business and financial affairs, to arrange coaching and training sessions, to keep in touch with rowing news and notices via our e-newsletter, 'By The Wey', to liaise with members and provide information to the national governing body, British Rowing.
WHAT DATA WE HOLD
We hold information such as the member's name, date of birth (so we can manage age group related activities), phone number and email (if given), parental (for Juniors) and emergency contact information (phone, email), home address, school (Juniors) or workplace (Seniors), medical (for safety reasons), and the date of a capsize drill.
If a junior member goes away on a training camp, we may need additional data, although very often the data we request is the same we have already, but need to it is up-to-date. Some data, such as a passport number, is held for the duration of the camp only.
We will also have to share some data with outside persons, such as informing an accommodation provider or restaurant, where members have allergies or other dietary requirements.
CAN CONSENT BE ASSUMED?
Yes, according to the speakers we have heard, consent can be assumed. If people provide data to a club they must reasonably assume that the data will be used. It is how the data is used and where it is held that has tightened up.
There is something called 'legitimate interests'. Essentially, this says that if you need the data to provide a service to the member and you can't do it without the member's data, explicit consent can be assumed.
It is fairly obvious that if, for example, a phone number needs to be held so that a parent can be contacted in the event of an emergency - it is necessary to hold it. Similarly, if parents and/or members are expecting communications about events, training, etc. an email address is the best way of receiving such communications.
However, this is a bit of a grey area, so we do ask for specific consents, as part of the membership application and renewal processes.
WHAT WE DON'T DO
We will neither sell your data nor allow it to be used for other reasons, e.g. as a sales tool.
WHERE WE HOLD YOUR DATA
Your member data is held 'in the Cloud', specifically the Club's own Google Drive that is part of the G Suite, sitting on Google Cloud, a public cloud service. Google has registered its Google Cloud and G Suite as being GDPR compliant.
We have now brought across all member data to this Google platform with its strong password protection, and wiped clean any data, including historical content, held on personal computers.
British Rowing are working on a GDPR-compliant membership system, of which we were 'early adopters' in helping to develop it.
ON HISTORICAL CONTENT...
We have reviewed the couple lists held on past members, both recent and from some time ago. Whilst rarely used with access strictly limited, we established that keeping past members' email address is justified, for instance, to make contact to advise of a funeral arrangements; such as was the case when Jon Beagley died. All other personal data is redacted.
WHAT IF I WANT MY DATA DELETED?
We do understand any past member wishing to have all their data deleted from our system. If so, simply contact us and we will delete it - no problem. If you are a current member, however, this could prove to be a problem and severely limit our ability to communicate effectively with you, for those reasons stated above ('Why we hold your data').
WHO CAN I SPEAK TO ABOUT THIS?
We are not experts but we have taken some sound advice from experts and wish to assure you we do our utmost to protect your data. We hope this information has been of help, but of course feel free to contact us with your query.