Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

GDPR & CI

  • 22-05-2018 2:00pm
    #1
    Registered Users, Registered Users 2 Posts: 942 ✭✭✭


    Have any clubs received advice from CI re GDPR implications on clubs and their members databases? I would have expected some sort of advisory note from CI by now.


Comments

  • Registered Users, Registered Users 2 Posts: 8,138 ✭✭✭buffalo


    I actually put together a quick draft for our club earlier today, I'll send it on to you if you want?

    Tell people what data you want/need and why, what you're doing with it, and when you're going to delete it (i.e. after a reasonable amount of time).

    For instance, we collect postal addresses of members when they register, but I'm not sure why as it's been a long time since we've regularly posted anything to members. So after GDPR review we might stop collecting that (depending on what the membership secretary says).


  • Registered Users, Registered Users 2 Posts: 942 ✭✭✭outfox


    Thanks Buffalo. I'd really appreciate a quick look at that draft, if it wouldn't put you out. I'll PM you my email address.


  • Registered Users, Registered Users 2 Posts: 3,999 ✭✭✭68 lost souls


    buffalo wrote: »
    For instance, we collect postal addresses of members when they register, but I'm not sure why as it's been a long time since we've regularly posted anything to members. So after GDPR review we might stop collecting that (depending on what the membership secretary says).

    I would think having an address would be a good thing to have on record for the unthinkable?


  • Registered Users, Registered Users 2 Posts: 8,138 ✭✭✭buffalo


    I would think having an address would be a good thing to have on record for the unthinkable?

    Good point. We also have an ICE contact to cover that though.


  • Registered Users, Registered Users 2 Posts: 1,274 ✭✭✭saccades


    outfox wrote: »
    Have any clubs received advice from CI re GDPR implications on clubs and their members databases? I would have expected some sort of advisory note from CI by now.

    : Side-splitting laughter:


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 3,464 ✭✭✭jamesd


    Can i get a copy too Buffalo please?


  • Closed Accounts Posts: 1,514 ✭✭✭OleRodrigo


    They have already issued a policy;

    http://www.cyclingireland.ie/page/about/gdpr

    It's quite straightforward to form a local club policy based on the CI ' parent ' copy to cover things such as the use of photographs to promote club events etc.
    Gathering personal information or data is integral to the correct running of clubs. The risk of mismanaging this data is low, but nonetheless, it is crucial that the data is managed, collected and stored correctly and in accordance with the GDPR.

    In the case of Cycling Ireland clubs, Cycling Ireland is usually considered the Data Controller, with the personal data and information on our database required for the purpose of issuing Cycling Ireland membership. Clubs, in this case, are regarded as the data processor as they are gathering personal data for this purpose. In this case Cycling Ireland is responsible for compliance with data protection legislation and GDPR, and clubs are expected to process data securely.

    Club officials must ensure data is processed securely;

    · it is updated regularly and accurately;

    · it is limited to what the club needs;

    · it is used only for the purpose for which it is collected; and

    · it is used for marketing purposes only if the individual has given their consent to do so. This needs to be an opt-in consent rather than an opt-out consent.



    Should the club ask for any information other than that required by Cycling Ireland for membership, recorded consent from the individuals and the processing of their data must take place outside of the Cycling Ireland system, and the club becomes the data controller with primary responsibility for compliance with data protection legislation including GDPR.



    Should clubs fail to comply with data protection and are in serious breach, there will be increased fines. While Cycling Ireland is usually the data controller of personal data on its systems, both data controllers and data processors can be issued with fines under GDPR.



    RECOMMENDATION
    Club officials should not be using personal email addresses, instead a “club” email address should be used. This increases the likelihood of transparency and maintains continuity. It also keeps the data stored in one place that is only controlled by the club official or data controller.


Advertisement