General Data Protection Regulation (GDPR)

BADMAC Privacy Policy
BMFA GDPR Guidance Booklet 

What is GDPR?

The EU's General Data Protection Regulation (GDPR) is the culmination of four years of efforts to update data protection for the 21st century, in which people regularly grant permissions to use their personal information for a variety of reasons in exchange for 'free' services. In the UK, GDPR will replace the Data Protection Act 1998, which was brought into law as a way to implement the 1995 EU Data Protection Directive. GDPR seeks to give people more control over how organisations use their data, and introduced hefty penalties for organisations that fail to comply with the rules, and for those that suffer data breaches. It also ensures data protection law is almost identical across the EU.
GDPR Imposes many new obligations on organisations that collect, handle and analyse personal data.

Six key principles

1) Transparency, fairness and lawful use of personal data. 2) Limit to specific legitimate purposes. 3) Minimising data collection for intended purpose. 4) Ensuring accuracy of data. Right to be rectified or erased. 5) Limiting storage of data - to be kept for as long is necessary to achieve purpose. 6) Ensuring security, integrity and confidentiality.

When will the GDPR apply?

The GDPR will apply in all EU member states from 25 May 2018. Because GDPR is a regulation, not a directive, the UK does not need to draw up new legislation - instead, it will apply automatically. While it came into force on 24 May 2016, after all parts of the EU agreed to the final text, businesses and organisations have until 25 May 2018 until the law actually applies to them.

What information does the GDPR apply to?

Any data, whether stored electronically or as hard copies, that relates to an identified or identifiable person e.g.

Application Forms Home addresses Contact Details Membership databases IP addresses Health and medical details Feedback forms CCTV footage An online identifier, usernames etc.

All club members past and present will be covered by the BADMAC Data Protection Policy which may be downloaded from the link at the top of this page together with the GDPR booklet produced by the BMFA.