See you all again on Sept 10th, have a great Summer.
GENERAL DATA PROTECTION REGULATION – CBAI
What is GDPR?
The General Data Protection Regulation (GDPR) is a new EU regulation which comes into effect on 25 May 2018. GDPR will update existing data protection laws and will place greater accountability and transparency obligations on organisations when using a member’s personal information. It gives the individual greater control over their personal information.
This will apply to all clubs, groupings of clubs e.g. Counties / Regions and the Contract Bridge Association of Ireland.. Each of these is identified as Data Controllers and has responsibilities in respect to the data they hold. It is possible that the entity operating as the first grouping of clubs, (County, region, etc) may not require separate identification as a Data Controller from the NBO, but the responsibility of safeguarding personal data is in no way diminished.
All information that is collected on an individual member is regarded as Personal Data. It must be kept secure and only to be used for the express purpose for which it was collected – bridge or other activities for the body involved. Similarly, if you have a visitor/guest to your club, their information is also personal data.
Do not pass on any Personal Data to anyone unless the purpose was specifically covered when the information was collected.
Maintenance of Records
If you keep paper records, they should be kept in a secure location, e.g. locked in a cabinet, with regulated key holders for the location. If you dispose of any of these paper records, they must be shredded before disposal.
If you keep your records on a computer, they should only be accessible by authorised people; the computer and/or folders in which the information is kept should be locked and/or encrypted.
Access to records should only be available to authorised committee members, Officers or managers. When new individuals take up these positions access methods e.g. passwords, should be changed,
Usage of Personal Data
When using personal data entrusted to you, care must be taken not to share any information with others, either deliberately or by accident; for example, if sending a group email, the blind copy (Bcc) facility or a mailshot programme that does not show other addressees must be used.
Clubs should not circulate lists of members with contact details within their own membership – unless they have specific agreement from their members. Clubs should regard this time as being a completely fresh start for all their practices, seeking specific permission from members to make use of their personal data. Previous practice of “opting out” will no longer apply – all members must be asked to “opt in” – by specifically giving permission to use personal data.
You must inform everyone from whom you collect data:
This will usually be done via a Privacy Notice, which may be on your club’s website, but a printed copy should also be available in the club and be sent to those who request it. Your members should be directed to this Privacy Notice on every occasion when you collect data, so it should be referred to on your membership application form. A Privacy Notice will also be displayed on the CBAI Website.
Publication of Personal Data
In a situation where a member is an office holder in a club or other grouping, and it is necessary to publish contact information for them either on paper or on another medium, specific permission must be sought from the individual for that purpose.
Your application form for membership at Club level should contain a request for permission to use Personal Data for purposes of bridge and include a request for permission to reproduce photographs of members to record their winning of a prize or prizes for bridge and promotion of bridge.
RIGHTS OF THE INDIVIDUAL
An individual has a right to data protection when their details are
Data Protection rights help the individual to make sure the information stored about them is
The bridge grouping (Data Controller) who holds information about the individual must –
REGISTRATION WITH DATA PROTECTION COMMISSIONER
Bridge organisations do not fall within any category that requires registration with the Data Protection Commissioner, so that is usually not necessary. To satisfy yourselves that this is the case, check with the Regulator. (Website details below)
Presentation of the Joe and Sheila Lane Cup to 2018 Winners Mairin Heffernan and Eileen O'Sullivan by Lane family members Ruth, Joe, Judith (holding Cup) . Also in the group is our incoming President Kay Doyle.
Presentation of Hanna Lane Plate to Deirdre Murphy & Mary M Shanahan (Absent from photo) by Ruth Walsh (née Lane) and incoming Club President Kay Doyle.