Home >

Sailweb  RSS feed

Sailing Clubs warned of Data Risks

The RYA has warned Sailing Clubs that they need to look at how they keep member information, or risk fines under new legislation coming in this May.

The EU's General Data Protection Regulation (GDPR) will apply from 25 May 2018 and the UK Data Protection Act 1998 (DPA) will be also be superseded by the GDPR's requirements.

The RYA has been running a series of Conference and Workshops to make clubs aware of the new rules.

RYA legal manager Mandy Peters told club representatives at a recent RYA Club Affiliate Conference:

“My experience is that most clubs are not currently compliant and so they have quite an uphill struggle to make sure they are compliant with the regulation when it comes in."

“It is really important they get to grips with it and start doing a data audit of what they have, how they got that, did they get permission, do they need it, how they use it, what they do with it,” she said.

"A club commodore may think this is something else to do, a bit of a pain, whereas if you have your personal hat on you may think it is your data and you want it protected.”

Both personal data and sensitive personal data are covered by GDPR.

Personal data broadly means a piece of information that can be used to identify a person. This can be a name, address, IP address . . . you name it.

Sensitive personal data encompasses genetic data, information about religious and political views, sexual orientation, and more.

Organisations that have "regular and systematic monitoring" of individuals at a large scale or process a lot of sensitive personal data have to employ a data protection officer (DPO).

When an organisation is relying on consent to lawfully use a person's information they have to clearly explain that consent is being given and there has to be a "positive opt-in".

This can mean that a Club would need to obtain a new consent for their existing data.

Also under the GDPR the charge (£10) to see what information is held is being scrapped and requests for personal information can be made free-of-charge, and must be provided within one month.

The new regulation also gives individuals the power to get their personal data erased where it is no longer necessary for the purpose it was collected.

12 Step Guide to the General Data Protection Regulation

Follow Sailweb on Facebook - Click here

Follow Sailweb on Twitter - Click here