GDPR Information for clubs

The General Data Protection Regulation [GDPR) has been in effect since May 25th 2013. This new law affects all GAA Clubs and has an impact on every Club’s use of personal mdata, so it is very important that each Club is aware of how these new laws affect them. A significant amount of guidance has been provided on what Clubs are required to do to comply with the GDPR on the GAA website www.gaa.ie/dataprotection and shared with GAA Club Officers through Microsoft One Drive. This content can be viewed by Club Officers who Logon to Microsoft Office 365 with their gaa.ie email address and select the Following menu option: OneDrive> Shared> Shared With Me > GDPR Repository.

A useful summary of of the content GDPR For GAA Clubs is available and can be downloaded here: http://www.qaa.ie/my-gaa/administrators/gdpr—support

If you have any questions or queries in relation to Data Protection within your Club, please send an email to dataprotection@gaa.ie.

General Information Information relating to Data Protection and GDPR is available on the Data Protection Commissioner’s website http://www.dataprotection.ie.

Additional information and how data protection specifically impacts on the GAA and supporting templates, forms and process documentation is available on the GAA website http://www.gaa.ie/dataprotection.

Training

An online module to train club administrators, registrars, club executive committee and members
is available at https://learning.gaa.ie/courses/dataprotection/story_html5.html

All GAA members and Club Officials are encouraged to review the content to familiarise themselves
with the requirements of GDPR. IT Systems Enhancements have been developed to facilitate compliance with GDPR using technology. This includes a GAA App which will allow GAA Club members to register their details on-line, thus making management of consent easier for clubs and reducing the amount of paper records.

Additionally, the functionality available with the Microsoft Office 365 suite of products (available to those with @gaa.ie email addresses) will assist in managing personal information in a secure and controlled manner.

Data Protection and GDPR

There are some significant changes to Data Protection legislation which came into effect on 25 May 2018 which will have an impact on how the GAA, at all levels, engages with its members. It is important that every GAA Club, and indeed every member, is aware of how these changes min the law will affect the ways in which members’ personal information can be collected and used for GAA purposes.

What is Data Protection?

  • Data Protection legislation is intended to protect the right to privacy of individuals (all of us) and seeks to ensure that Personal Information is used appropriately by third parties that may have it (Data Controllers).
  • In essence Data Protection relates to any information that can be used to identify a living person such as Name, Date of Birth, Address, Phone Number, Email address, Membership Number, IP Address, photographs etc
  • There are other categories of information which currently are defined as Sensitive Personal Data which require more stringent measures of protection and these categories include religion, ethnicity, sexual orientation, trade union membership, medical information etc.

What is GDPR?

  • The General Data Protection Regulations (GDPR) is new EU legislation that comes into effect on May 25th 2018.
  • It very clearly sets out the ways in which the privacy rights of every EU citizen must be protected and the ways in which a person’s ‘Personal Data’ can and can’t be used.
  • It places the onus on the person or entity that collects a person’s information (Data Controller) to comply with the legislation and to demonstrate compliance

Data Protection can be summarised in the following ‘7 Principles’’

  1. Lawfulness, Fairness, Transparency
  2. Purpose Limitation
  3. Data Minimisation
  4. Accuracy
  5. Storage Limitation
  6. Integrity and Confidentiality
  7. Accountability

What does Data Protection Legislation mean to me?

  • The legislation sets out rules about how this information (personal Information) can be obtained, how it can be used and how it is stored.
  • Every person must give their consent for their data to be collected and processed for a specific purpose which must be communicated to them at the time the data is obtained.
  • They must specifically Opt-In and must be allowed to Opt-Out at any time. They must also be given the opportunity to review the consent they have given on a regular basis (i.e. Yearly)
  • Data must be kept safe and secure and must be kept accurate and up to date
  • An Individual can request a copy of all of the personal information held about them (this is called a Subject Access Request) and must be allowed to have all of their data deleted or returned to them, if they so wish.

Useful Downloads for GDPR

(Click on title to open, then right click on mouse to save or download)

1. GAA – Data Protection – Definitions

2. GAA – Data Breach – Process Overview

3.GAA – How to verify GAA Membership

4. GAA – Subject Access Request – Process Overview

5. GAA- GDPR For Clubs

6. GAA – Draft of Child Membership Form

7. GAA – Draft of Youth Membership Form

8. GAA – Draft of Full Membership Form