GDPR.

The new General Data Protection Regulation comes into full force in May 2018. This requires Basketball England and any basketball organisation that holds personal data to update how they collect, use and store people's personal data.

The ICO (Information Commissioner’s Office) provide advice and guidance to organisations including a 12 steps document and also a GDPR checklist along with more generic information about the guidelines around GDPR - https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/.

Updates from Basketball England

We have installed a confidential waste management bin in our offices to securely dispose of any confidential/highly sensitive material that we hold within the office. This is frequently removed and shredded securely - 23/01/2018

We have recently audited all our data as an organisation to understand as to where it is held and how it is held. The audit has strengthened our data security as all data is held in secure files that are password protected. This process will continue with any paper files stored in the organisation to ensure these are either locked in a secure cabinet or scanned and held electronically under password protection. - 20/03/2018

We have upgraded our systems and devices to ensure they are encrypted by DESlock+. This means that there is an extra level of protection when accessing these devices, our hard drives are now fully encrypted and its also means that devices can be shut down and locked if there are threats our our organisations data security. We also have a DESlock shredder which allows for secure deletion of any file22/03/2018

The Sport & Recreation Alliance have announced a GDPR toolkit for regional organisations and clubs operating across the sport and recreation sector. You can access the resources on their website here and which contains data privacy notices, a consent form for direct marketing, a GDPR compliance questionnaire and much more - 16/04/2018

We have updated our Privacy Notices and Data Protection policy to ensure that they are in line with the GDPR changes and also make it clear to members how we process their data and for what purposes. More information can be found on our Data Protection page - 08/05/2018

We have communicated with our current members to update their marketing preferences to ensure we have their opt-in permissions and this included communication with regards to the new Privacy Notice - 11/05/2018

Basketball England has released a GDPR toolkit for those working within basketball with the aim of helping them work towards compliance - 15/05/2018

Basketball England has upgraded it's email system to allow for encrypted emails. This means that when important information and data is sent via email, it can be securely encrypted to ensure its delivery to the recipient is secure as possible - 19/07/2018

GDPR Toolkit & Guidance

Basketball England is pleased to provide guidance and resources via a toolkit, to help regional bodies, area associations, clubs and leagues work towards GDPR compliance. The toolkit provides an overview of the Regulation, what it means for basketball and its members, and some practical steps you can take to help prepare.

It also contains some template policies and procedures you can put in place. It can be downloaded by clicking the links below:

Further to Basketball England's GDPR toolkit, the Sport and Recreation Alliance has developed a toolkit which can be found by clicking below. This toolkit contains useful resources and templates to help sporting organisations and clubs take the relevant steps towards GDPR compliance:

The Sport & Recreation Alliance have also been working with their partners Wright Hassall LLP to develop the first in a series of real life questions posted from their working group, which combines sporting organisations and legal expertise to help support your organisation or club:

GDPR FAQs

What is GDPR? +

The EU’s General Data Protection Regulation (GDPR) was introduced to unify all EU member states' approaches to data regulation, ensuring all data protection laws are applied identically in every country within the EU. It will protect EU citizens from organisations using their data irresponsibly and puts them in charge of what information is shared, where and how it's shared.

Where can I get more information and guidance for my club? +

We have released a GDPR toolkit for clubs, leagues and organisations to use, it can be found above these FAQ's.

Currently, the Sport and Recreation Alliance have developed a toolkit for regional organisations and clubs which holds guidance and templates. This can be found at the Sport and Recreation Alliance’s website:

https://www.sportandrecreation.org.uk/pages/gdpr

The ICO (Information Commissioner’s Office) are the regulatory body set up by Government to enforce the new regulations and they have a whole section on their website dedicated to GDPR and any legal questions you may have:

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/  

What are Basketball England doing with members data? +

More information on what Basketball England use data for can be found on Basketball England’s website under Data Protection & Privacy (at the bottom of the home page).

https://www.basketballengland.co.uk/about/policies-procedures/data-protection/data-protection-contents/

What steps are Basketball England taking to ensure it is compliant with GDPR? +

More information on what steps Basketball England have taken to become complaint can be found on Basketball England’s website under Data Protection & Privacy (at the bottom of the home page).

https://www.basketballengland.co.uk/about/policies-procedures/data-protection/data-protection-contents/

What steps should we, as a club, be taking to ensure it is compliant with GDPR? +

Each club will need to look at what data it collects, what reason it collects this data, how it holds that data and what access/security measures it takes to protect the data collected. Once this has been done a club will be able to update it policies and procedures to reflect their data practices.

The ICO has a 12-step document to help organisations make steps towards GDPR compliance:

https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf

Basketball England is not able to give specific legal advice to clubs, leagues, or associations as we are not a legal body and each club/organisation holds and handles data differently.

Any legal advice sought after by clubs will need to be acquired by external advisors.

We are looking to update our policies and procedures, where can we go for more information? What policies should we have in place? +

A club should have as a minimum the following:

  • Data Protection Policy
  • Privacy Notice
  • Data Breach policy

Our own toolkit has templates for policies, the toolkit can be found above these FAQ's. 

The Sport and Recreation Alliance have developed template notices and policies that can be used by clubs. These can be found on their website here:

https://www.sportandrecreation.org.uk/pages/gdpr