GDPR and clubs and classes.
Printed From: Yachts and Yachting Online
Category: Dinghy classes
Forum Name: Dinghy development
Forum Discription: The latest moves in the dinghy market
URL: http://www.yachtsandyachting.com/forum/forum_posts.asp?TID=13064
Printed Date: 01 Jul 25 at 7:06pm
Software Version: Web Wiz Forums 9.665y - http://www.webwizforums.com
Topic: GDPR and clubs and classes.
Posted By: 2547
Subject: GDPR and clubs and classes.
Date Posted: 14 May 18 at 9:00pm
| Anyone know how this impacts clubs and classes who of course hold member data. |
Replies:
Posted By: Rupert
Date Posted: 14 May 18 at 9:12pm
|
Yes, my wife does. I didn't understand any of it. She has been briefing various committee members. As each meeting has lasted an hour or more, I'm not sure it can be summarised on here, even if I had a clue.
The RYA have a pretty good hold on it, too. ------------- Firefly 2324, Puffin 229, Minisail 3446 Mirror 70686 |
Posted By: The Moo
Date Posted: 15 May 18 at 7:09am
|
Our Club came to the party a little late on this one. Our understanding is that the regulations which come into place on 25 May apply to us.
We have therefore followed the RYA guidance and have developed a policy based on their online template which will be made available to all members. We will ask them to agree to us holding and using their data for the legitimate purposes of running the Club (including photographic material for the purpose of promoting the Club). They will be asked to reaffirm their agreement each time they renew their membership. New members will be asked to agree on joining. I guess we will also have to adapt our open meeting application forms. I think this is an unintended consequence of the new regulations that they apply to small organisations such as ours but for now we seem to be stuck with it. Some on here are quick to sl*g off the RYA but to be honest their support in matters such as these is exemplary. It took us about an hour to get it all drafted so isn't quite the ball ache we thought, though getting the initial declarations back might be more so. |
Posted By: PeterG
Date Posted: 15 May 18 at 8:19am
|
The RYA legal dept has done an presentation on this for clubs, which is worth looking at: http://www.rya.org.uk/newsevents/e-newsletters/club-room/feb18/Pages/general-data-protection-update.aspx" rel="nofollow - http://www.rya.org.uk/newsevents/e-newsletters/club-room/feb18/Pages/general-data-protection-update.aspx I'm involved in membership of a (non sailing) organisation. We've taken the view, which the RYA apparently supports, that provided your data is being used for legitimate membership purposes only (contact etc) then keeping basic details (excluding certain special categories) does not require explicit consent. We are producing a privacy statement (as required) which will be available to all members and which explains what we are doing and why. One point the RYA presentation makes make is that if you rely on consent then you create a lot of potential administrative difficulty. You have to keep getting it renewed, and if it isn't (people don't respond, sign the form etc) then you have an issue. Provided your uses are limited to those that can be seen as inevitable and legitimate uses of membership data it's better to avoid that route. ------------- Peter Ex Cont 707 Ex Laser 189635 DY 59 |
Posted By: The Moo
Date Posted: 15 May 18 at 3:39pm
| I should clarify that our Club will only be seeking consent to pass on members contact details to other club members on the Duty Rota for the purpose of arranging swaps and the use of their images in Club newsletter and other promotional material. |
Posted By: Sam.Spoons
Date Posted: 15 May 18 at 4:56pm
|
The info most clubs will keep will be name and address, email and phone, and identification details of their boat. They won't be passing those onto anybody other than other members and then, most likely, only with explicit permission. My reading of the new regs is that none of that requires an opt in or a regular renewal of the permissions (I have looked into it WRT my wife's business). The only other issue is to keep the computer files containing the info secure by having it password protected or better still on a secure remote server. ------------- Spice 346 "Flat Broke" Blaze 671 "supersonic soap dish" |
Posted By: turnturtle
Date Posted: 15 May 18 at 6:12pm
|
AIUI GDPR is as much about the processing of information as it is the storage and collection of data for everyday business practices. As such, I wouldn’t be worried about conventional membership activity and interns member communications - keep it secure as said already. but surely the external submission of data to the RYA through personally identifiable race results for whatever unknown processing they do, is in contravention without express consent from all participants?
Even annoymised data can be traced - a sail number with class can serve as a UI field, I’ve certainly traced boat ownership lineage pretty easily through sail numbers and publicly available results in the past. It’s not that hard. |
Posted By: L123456
Date Posted: 16 May 18 at 11:22am
|
SO what about all the results with names and sail numbers that feature on this and club and class websites? |
Posted By: jeffers
Date Posted: 16 May 18 at 11:28am
I would say that is down to you to request removal given the experience of GDPR that I have so far. GDPR is more about use of your data going forward and contacting you in the future than what is already out there. ------------- Paul ---------------------- D-Zero GBR 74 |
Posted By: turnturtle
Date Posted: 16 May 18 at 11:46am
that would be my take on it too- flat html files with data tables aren't really under the scope here. But I would say there needs to be some proper professional advice for any club or event which plans to submit data to a third party who intend to 'process' that data in any way going forward. EDIT: I guess the work around is to define the race itself as the data subject, rather than the individual competitors.... but that sounds a bit shaky and I wouldn't want to test it in a legal setting with prospective penalties for compliance failure.
|
Posted By: 2547
Date Posted: 16 May 18 at 3:23pm
Race results are personal data. To use it you need to do a LIA (Legitimate Use Assessment) I'd say it is in the legitimate interests of the class or club to communicate the results of an event and to preserve the records for the historical interest .... of course there should be an accompanying Privacy Policy giving people the process to request their data is removed ... then the processor needs to take a view. on that ... probably best to just remove.
Entry forms are going to look like war and peace with all this legislation ... and the likes of big corp will so do as they like as they have the biggest law budgets. |
Posted By: patj
Date Posted: 18 May 18 at 5:46am
|
I was involved in this at the start of the year and we consulted the RYA guidance and added a page to our membership forms to cover the data protection requirements.
We state how your data is to be used, including passing to RYA and request also that members tick a box to opt in to having their details on the members only contact directory and another tick box opt in to using photos of them and their boats on the club web site, social media pages or for use in press releases. For those who need it the form can be blagged as a pdf from http://www.shearwatersailingclub.co.uk/ssc/media/SSC-New-Members-Pack-2018.pdf" rel="nofollow - SSC-New-Members-Pack-2018 or I could be talked into emailing a word document |
Posted By: L123456
Date Posted: 18 May 18 at 10:00am
You have PM 
|
Posted By: Noah
Date Posted: 18 May 18 at 11:35am
|
In a letter to a respected newspaper today: "The Information Commissioner’s Office provides a simple registration self-assessment tool online (https://ico.org.uk/for-organisations/register/self-assessment/), allowing organisations to determine whether they are affected by the GDPR. This says that those processing data to be used only in a recreational context are exempt from having to register." EDIT: However, having tried the self-assessment questionnaire, the first Q is 'do you use CCTV for crime prevention?' If the answer is yes then the site immediately says you must register. If the answer is no, then several questions later the recreational question is asked and the 'No Need to Register' response comes back in response to an affirmative. I strongly suspect that many, if not most, clubs (being often in less populated locations) will have CCTV installed. Having been to a seminar on this topic I was surprised to learn that a CCTV image of someone's face is considered 'personal data' even without a name attached. Likewise, a vehicle registration number - on its own - is considered personal data. The fact that the reg no doesn't say who owns said vehicle, or who may have been driving it at a particular time seems to have passed by the officials. Further, a credible reason is needed to get any details out of the DVLA. Bonkers.
------------- Nick D-Zero 316 |
Posted By: turnturtle
Date Posted: 18 May 18 at 11:36am
| Yes but the RYA are using the data to construct a commercial product, as is sail racer. |
Posted By: L123456
Date Posted: 18 May 18 at 1:08pm
| Not having to register is a different matter to having to follow the regs. |