What is GDPR?


What is GDPR?

The General Data Protection Regulation is the updated law on data protection which comes into force on May 25, 2018. 

It is an European Union (EU) directive which is also being implemented in the United Kingdom. The aim is to give individuals' more protection about how the use of their personal data. The new rules set new standards about personal data is collected, stored and shared. 

Who does it apply to?

GDPR applies to organisations - not just companies. So it doesn't matter how big or small your volleyball club is, if it has members then the club must comply with the new rules. 

Any personal details your club asks for from players, coaches, volunteers - in fact, anyone associated with your club - must be collected, stored and shared in line with GDPR. 

It is important your club understands GDPR and adopts the correct process. The 'GDPR - is my club compliant? ' page of the GDPR guidance section of the website explains how your club must handle personal data. 


Data breaches and sanctions

Any failure to follow GDPR correctly is classed as a data breach. For all organisations, this could be something such as an club secretary losing some paperwork to large multi-million pound companies having data hacked or sharing it without permission. 

The GDPR ensures a duty on all organisations to report certain types of data breaches. If a breach poses a high risk of adversely affecting individuals - for example, losing their bank details - you must inform them without undue delay. Certain types of data breaches are required to be reported to a supervisory authority, within 72 hours. 

A record of all data breaches must be kept - whether or not they were reported. For more detail on data breaches, including what these are and developing an action plan to prepare for a breach, visit the 'Personal data breaches' section of the Information Commissioner's Office.