Latest Clubs News
Guidance for clubs, leagues and counties on the new General Data Protection Regulation
GDPR stands for General Data Protection Regulation. It outlines the privacy rights of every EU citizen and the ways in which an individual’s ‘Personal Data’ can and can’t be used.
Personal data is information about an individual such as name, address, phone number etc. and includes special categories of personal data including one’s race, ethnicity, religion or sexual orientation.
The EU will be enforcing these laws across the 28 member states from May 25th 2018.
Explore the attachments below for more guidance on how this is likely to affect your club, league or county.
Click here to scroll to the attachments
Click here to visit the Sport & Recreation Alliance online GDPR toolkit
Table Tennis England GDPR Review – Info Document
The GDPR is new data protection legislation that comes into force from 25th May 2018. Table Tennis England must ensure it is compliant before this date and is therefore taking steps to review current processes.
Aligned to Code for Sports Governance
Principle 5 of the Code for Sports Governance states that ‘Organisations shall comply with all applicable laws and regulations, undertake responsible financial strategic planning, and have appropriate controls and risk management procedures’.
Table Tennis England has a risk register that includes the compliance to laws and regulations of which data protection is referenced.
Risk
Non-compliance or a breach could result in significant sanctions of between:
Principles
Table Tennis England is committed to improving the quality of the information it holds about individuals for the benefit of the sport and to improve the experiences of those involved in table tennis and running.
Table Tennis England takes the protection of the data that we hold about athletes, volunteers, coaches and officials seriously and will do everything possible to ensure that data is collected, stored, processed, maintained, cleansed and retained in accordance with current and future legislation.
Table Tennis England aim to only collect data that is required to perform its services, communications with our stakeholders.
Many functions within the new structure and work areas of significant importance to deliver the strategic plan, such as developing commercial partnerships and fundraising, will rely on the use of data and the robust collection and management of data. Therefore, Data Protection Impact Assessments will form part of all projects across the business.
Table Tennis England acknowledges the need to support affiliated clubs and leagues and will provide advice and guidance to help them in the collection, storage and management of data to help affiliated bodies to also be compliant under the new GDPR.
Table Tennis England takes all reasonable care to ensure that the information contained in its Guidance is accurate and that any opinions, interpretations and guidance expressed have been carefully considered in the context in which they are expressed. However, before taking any action based on the contents of this Guidance or any other Guidance provided by Table Tennis England, readers are advised to confirm the up to date position and to take appropriate professional advice specific to their individual circumstances.
Table Tennis England want to use this opportunity to make all efforts to ensure that our internal processes are as efficient as possible and the administration required by clubs and volunteers is intuitive and makes people’s lives easier.
Processes – legitimate interest
Table Tennis England conduct a series of processes to administer our stakeholders’ involvement in the sport. These processes will involve the use of personal data. The key processes that would be classified as in our ‘legitimate interest’ are:
What Data do we hold and collect and why
Information provided to relevant parties
Based on your area of interest in the sport we will also provide specific information and newsletters which would include: –
Should you either wish to receive information you are currently not or stop receiving this information please do not hesitate to contact us we will comply with your preferences. This list is subject to change.
Third Party Service Providers
The following organisations / individuals currently also undertake important administrative functions (covered in the definitions of activities above) for the sport and therefore will have access to information via a secure portal:
Data Processing Agreements are in place, where appropriate, with the above organisations and they are GDPR compliant. Your data will only be used in line with the basis for processing your data.
Data will be anonymised where possible.
Data retention
All information that we hold about an individual will be retained as deemed necessary. If an individual has not played an active part in the sport or acknowledged that they no longer wish to retain their current membership status, their contact details will be deleted on request. The following information will be retained for historic performance and reporting purposes – TTiD, Name, DoB, results and contact details were relevant. An individual will be contacted each year to ensure that the data we hold about them is correct. This can be updated via the individual portal that an individual has access to.
Partners and Third Parties
Table Tennis England work with several carefully selected partners whose support will aim to add value to our stakeholders. Information from these partners will be sent to only to those individuals who proactively contact them and not via Table Tennis England i.e. the membership benefits package ( https://tabletennisengland.co.uk/membership/membership-benefits/ )
We will not share or provide data with any other third party for marketing purposes unless additional express consent is provided.
Marketing, Communications and Research
Table Tennis England wants to develop an engaged community of table tennis members. High quality communications will be integral to this and as such we will only send marketing information where we have specific and express consent or another legal basis.
Training
All staff will have had training and those processing data on a day to day basis will have formal face to face training as a refresher to the training all staff have completed already.
Data control
Data will be managed in accordance with the data retention policy and users will be able to update profile information at any time.
A record will be made of when consent was provided, the wording of the consent and any updates will be timestamped. Consent needs to be easy to withdraw at any time. If a person no longer wishes to receive communications from Table Tennis England they can unsubscribe from marketing emails.
Information security policies
Where possible Data should not be exported. Permission will be granted to individuals/ organisations to access relevant information and data sharing agreements will be in place when data is shared.
Any spreadsheets including personal data are to be deleted or encrypted and stored and password protected. This way of working is being phased out and our vision is to eradicate the use of spreadsheets to store data with the implementation of a CRM system.
All Table Tennis England laptops and phones will be encrypted/password protected.
Data Protection Officer
The responsibility of Data Protection currently forms part of Director of Business Operations role.
Data Protection Policy
Table Tennis England has data protection policy in place which is in line with GDPR.
Privacy Impact Assessment Procedure
Table Tennis England has a Privacy Impact Assessment procedure in place.
Privacy Policy
Table Tennis England has a Privacy Policy in place this can be found on our website
Data Protection – Contract with agencies/ consultants/ external data processors
Every contract that Table Tennis England has with consultants, agencies and any other individuals or organisations that have access to data/ undertake any processing on our behalf signs a contract which confirms that they are GDPR Compliant.
Total Attachments: 10