GDPR for Caving Clubs
10 August 2018
Yes, it’s those four letters that we have all come to dread.
But like it or not, General Data Protection Regulations (GDPR) is here and is something clubs who hold member data (name, address, email, phone etc) need to consider.
The nub of GDPR (by no means an exhaustive list) is that you should;
(A) Only hold data you need to hold.
(B) Provide a means for members to have their data removed/updated.
(C) Ensure this data is secure and access is restricted to a need-to know basis.
(D) Have a data protection policy to inform members what data of theirs you will hold, who will have access to it, how it is stored and what you will do with their data. Ensure that this is available to all members to read at the point that they submit this data to the club.
(E) Only use this data for what would be reasonably expected for a caving club.
(F) Most caving club activities enable data actively submitted by members to be held under the grounds of ‘legitimate interest’. If you want to share data between members (i.e. address or email lists) this may go beyond ‘legitimate interest’ and may require specific active consent.
The CNCC has put together a document to help clubs interpret all aspects of GDPR which can be downloaded from the publications page of our website (CLICK HERE).
More recent news...
Draft Minutes of 2019 AGM Now Available
Crackpot Cave Cleanup
Newsletter 9 Out Now
CNCC Mission Statement
Cave modifications in Ease Gill Caverns
Capstan Winch Training
Important update on cave Access at High Birkwith
Northern Explorers' Forum
Caves of Scotland descriptions
CNCC showcase caving to the National Park Authority