DATA PROTECTION POLICY
Policy Approved: 06/06/22
Review Date: 06/06/23
Approved by: Phil Davis
INTRODUCTION:
The nature of running a martial arts club requires all staff and those associated with it to handle personal information in a secure manner. Transfer and storage must be controlled and compliant with the Data Protection Act 2018 and General Data Protection Regulations (GDPR).
STATEMENT:
Yu! MAC are committed to ensuring protection of all personal information that we hold and will do so in line with the 7 key principles of the GDPR legislation.
-
Lawfulness, fairness and transparency
-
We will not do anything unlawful with personal data.
-
We will not mislead people as to the reasons we collect and store their data.
-
We will remain open and honest as to why we collect personal data.
-
Purpose limitation
-
Data will only be collected for the purposes of the club to ensure we have relevant contact details for members and medical information that may impact on a members ability to train with the club.
-
CCTV footage will only be used by the club for purposes of investigation or if required by the police for investigation.
-
Data minimisation
-
Data will only be collected for the purposes of the club to ensure we have relevant contact details for members and medical information that may impact on a members ability to train with the club.
-
CCTV footage will be stored as part of the safeguarding of our members.
-
Accuracy
-
Members or parents/guardians will sign a declaration to ensure accuracy of the information that they provide and will be encouraged to inform us of any changes to this.
-
Storage limitation
-
Information will be stored for no longer than is necessary.
-
Data will be reviewed regularly and personal data found that is no longer required will be erased.
-
Any member wishing their personal data to be erased can put a request forward for this to happen, so that we comply with individuals requests for erasure under ‘the right to be forgotten’.
-
Security
-
All written data will be kept in a locked cupboard within the club premises and any electronic data will be password protected, and only shared with staff members who may require access for the safe running and functioning of the club.
-
CCTV footage will be kept on a hard drive in a locked cupboard and access will only be available to senior management for the purposes as described above.
-
Accountability
-
Yu! MAC has appointed Claire Bingham as a data protection officer to ensure that the GDPR principles are adhered to within the club to protect the personal data of its members and staff.
PERSONAL DATA BREACHES:
The UK GDPR introduces a duty on all organisations to report certain personal data breaches to the relevant supervisory authority. This must be done within 72 hours of becoming aware of the breach, where feasible.
A personal data breach can be broadly defined as a security incident that has affected the confidentiality, integrity or availability of personal data. In short, there will be a personal data breach whenever any personal data is accidentally lost, destroyed, corrupted or disclosed; if someone accesses the data or passes it on without proper authorisation; or if the data is made unavailable and this unavailability has a significant negative effect on individuals.
When a personal data breach has occurred, the likelihood of the risk to people’s rights and freedoms needs to be established. If a risk is likely, the Information Commissioners Office (ICO) should be notified. If a risk is unlikely, it does not have to be reported, however, if the decision is to not report the breach, the decision needs to be justified and documented.
Further information on risk assessment and the process for reporting can be found on the ICO website. (https://ico.org.uk)
​
An Offline version of the Data Protection Policy can be found HERE