When members sign up to a club they will normally expect to be contacted with relevant information and news updates.
It’s good practice to state on the membership form how any personal data will be used and it’s a legal requirement to state how any information is shared with a third party if people can be identified by it.
In summary, any information you collect from people should only be stored as long as you actually need it, it shouldn’t be given out without the explicit permission of the individual member and you must make sure you store it securely. If you hold personal information, there is a small chance you will be required to register with the ICO (Information Commissioner’s Office). Most not-for-profit organisations will be exempt from this but it’s worth calling to check: 0303 123 1113 or firstname.lastname@example.org.
Even if you don’t need to register with the ICO, there are eight data protection principles that you need to follow. In summary, they require that data shall be:
- Fairly and lawfully processed.
- Processed for limited purposes.
- Adequate, relevant and not excessive.
- Not kept longer than necessary.
- Processed in accordance with the data subjects’ rights.
- Not transferred to countries outside the EEA without adequate protection.
Full details of this and further information are available at the Independent Commissioner’s Office website.
Note: If information you store will be needed to report to British Rowing or Sport England, for example if you have received funding, you will need to make sure that you have all the data you need before deleting records.