GDPR for Caving Clubs
10 August 2018
Yes, it’s those four letters that we have all come to dread.
But like it or not, General Data Protection Regulations (GDPR) is here and is something clubs who hold member data (name, address, email, phone etc) need to consider.
The nub of GDPR (by no means an exhaustive list) is that you should;
(A) Only hold data you need to hold.
(B) Provide a means for members to have their data removed/updated.
(C) Ensure this data is secure and access is restricted to a need-to know basis.
(D) Have a data protection policy to inform members what data of theirs you will hold, who will have access to it, how it is stored and what you will do with their data. Ensure that this is available to all members to read at the point that they submit this data to the club.
(E) Only use this data for what would be reasonably expected for a caving club.
(F) Most caving club activities enable data actively submitted by members to be held under the grounds of ‘legitimate interest’. If you want to share data between members (i.e. address or email lists) this may go beyond ‘legitimate interest’ and may require specific active consent.
The CNCC has put together a document to help clubs interpret all aspects of GDPR which can be downloaded from the publications page of our website (CLICK HERE).
More recent news...
Northern Explorers' Forum
Caves of Scotland descriptions
CNCC showcase caving to the National Park Authority
CNCC reaches new agreement with the Langcliffe Hall Estate
Training Officer needed
Important update on Birkwith area access
New descriptions for Robinsons' Pot and Hardrawkin Pot
Horton river webcam
Launch of the Online Booking System
Venue change for 13th October meeting