GDPR Compliance

The Data Protection Compliance Manager (DPCM) is appointed by senior committee members of the club. The DPCM is responsible for setting the security requirements for all personal data collected from members for the purpose of registration and administration, as documented in the club Privacy Notice.

The Privacy Notice is given to all members on joining the club and to all members when amendments are made. This can be a link to the form on the club website. Members are required to positively confirm their acceptance of the notice to remain a current member of the club. New members are deemed to have accepted compliance by paying their membership fees.

In the event of a data breach, the DPCM is responsible for informing the following:

  • Information Commissioner's Office (ICO) – only if likely to result in a risk to the rights and freedoms of individuals.
  • Club members
  • Any third party that the data concerns – only if likely to result in a risk to the rights and freedoms of individuals.

Physical Data Storage

Any data collected by the club on behalf of the club and BMFA is to be secured as follows:

Paper Records – To be kept securely at home by the person responsible for holding that data until transferred onto a spreadsheet and processed. Paper records are to be destroyed apart from current records required for club meetings or when a legitimate request to view has been received.

Electronic Records – Files are to be password encrypted using strong passwords. They can be on removable media for backup purposes; however, backup media must be kept securely at the home of the person responsible for holding that data. When used on a computer, the computer must be password protected and either be behind a firewall or have an onboard firewall.

Disposal Procedure

  • When a request has been submitted to the DPCM to expunge personal data, the DPCM will request the processor to delete the data from the relevant spreadsheets and destroy any associated paper records.
  • At the end of each financial year, the treasurer will destroy previous account folders and spreadsheets of data covering a period over 6 years old.