The new General Data Protection Regulation comes into full force in May 2018. This requires Basketball England and any basketball organisation that holds personal data to update how they collect, use and store people's personal data.
The ICO (Information Commissioner’s Office) provide advice and guidance to organisations including a 12 steps document and also a GDPR checklist along with more generic information about the guidelines around GDPR - https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/.
Updates from Basketball England
We have installed a confidential waste management bin in our offices to securely dispose of any confidential/highly sensitive material that we hold within the office. This is frequently removed and shredded securely - 23/01/2018
We have recently audited all our data as an organisation to understand as to where it is held and how it is held. The audit has strengthened our data security as all data is held in secure files that are password protected. This process will continue with any paper files stored in the organisation to ensure these are either locked in a secure cabinet or scanned and held electronically under password protection. - 20/03/2018
We have upgraded our systems and devices to ensure they are encrypted by DESlock+. This means that there is an extra level of protection when accessing these devices, our hard drives are now fully encrypted and its also means that devices can be shut down and locked if there are threats our our organisations data security. We also have a DESlock shredder which allows for secure deletion of any file - 22/03/2018
The Sport & Recreation Alliance have announced a GDPR toolkit for regional organisations and clubs operating across the sport and recreation sector. You can access the resources on their website here and which contains data privacy notices, a consent form for direct marketing, a GDPR compliance questionnaire and much more - 16/04/2018
We have updated our Privacy Notices and Data Protection policy to ensure that they are in line with the GDPR changes and also make it clear to members how we process their data and for what purposes. More information can be found on our Data Protection page - 08/05/2018
We have communicated with our current members to update their marketing preferences to ensure we have their opt-in permissions and this included communication with regards to the new Privacy Notice - 11/05/2018
Basketball England has released a GDPR toolkit for those working within basketball with the aim of helping them work towards compliance - 15/05/2018
Basketball England has upgraded it's email system to allow for encrypted emails. This means that when important information and data is sent via email, it can be securely encrypted to ensure its delivery to the recipient is secure as possible - 19/07/2018
Basketball England is pleased to provide guidance and resources via a toolkit, to help regional bodies, area associations, clubs and leagues work towards GDPR compliance. The toolkit provides an overview of the Regulation, what it means for basketball and its members, and some practical steps you can take to help prepare.
It also contains some template policies and procedures you can put in place. It can be downloaded by clicking the links below:
Further to Basketball England's GDPR toolkit, the Sport and Recreation Alliance has developed a toolkit which can be found by clicking below. This toolkit contains useful resources and templates to help sporting organisations and clubs take the relevant steps towards GDPR compliance:
The Sport & Recreation Alliance have also been working with their partners Wright Hassall LLP to develop the first in a series of real life questions posted from their working group, which combines sporting organisations and legal expertise to help support your organisation or club:
The EU’s General Data Protection Regulation (GDPR) was introduced to unify all EU member states' approaches to data regulation, ensuring all data protection laws are applied identically in every country within the EU. It will protect EU citizens from organisations using their data irresponsibly and puts them in charge of what information is shared, where and how it's shared.
We have released a GDPR toolkit for clubs, leagues and organisations to use, it can be found above these FAQ's.
Currently, the Sport and Recreation Alliance have developed a toolkit for regional organisations and clubs which holds guidance and templates. This can be found at the Sport and Recreation Alliance’s website:
https://www.sportandrecreation.org.uk/pages/gdpr
The ICO (Information Commissioner’s Office) are the regulatory body set up by Government to enforce the new regulations and they have a whole section on their website dedicated to GDPR and any legal questions you may have:
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
Basketball England have appointed Laura Middleton, Safeguarding and Compliance Manager as their DPO. It is the DPO’s role to oversee the company’s data protection strategy and it’s implementation to ensure compliance with GDPR requirements.
Any GDPR queries need to be submitted to safeguardingbasketball@basketballengland.co.uk.
More information on what Basketball England use data for can be found on Basketball England’s website under Data Protection & Privacy (at the bottom of the home page).
More information on what steps Basketball England have taken to become complaint can be found on Basketball England’s website under Data Protection & Privacy (at the bottom of the home page).
Each club will need to look at what data it collects, what reason it collects this data, how it holds that data and what access/security measures it takes to protect the data collected. Once this has been done a club will be able to update it policies and procedures to reflect their data practices.
The ICO has a 12-step document to help organisations make steps towards GDPR compliance:
https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf
Basketball England is not able to give specific legal advice to clubs, leagues, or associations as we are not a legal body and each club/organisation holds and handles data differently.
Any legal advice sought after by clubs will need to be acquired by external advisors.
A club should have as a minimum the following:
Our own toolkit has templates for policies, the toolkit can be found above these FAQ's.
The Sport and Recreation Alliance have developed template notices and policies that can be used by clubs. These can be found on their website here: