GDPR - change to data protection law

This article contains some essential details about the GDPR, including links to useful online resources, plus introductory details of what CLUB View will be doing to respond to the new rules.

To be kept informed please sign up to our GDPR mailing list.

Basic information

The new General Data Protection Regulation (GDPR) comes into effect on 25 May 2018. As an EU regulation it applies in the United Kingdom, Republic of Ireland and all other EU member states.

The definitions set out in the GDPR identify two different roles:

  1. a club would be in the "data controller" role, as they gather "personal data" from their club members and decide the "purpose and means purpose" of any "processing" of the data;
  2. CLUB View would be in the "data processor" role, as our systems store and use "personal data" on the club's behalf.

A common misunderstanding is over whether "data controllers" must get "consent" from their "data subjects" (i.e. members or other people whose "personal data" is being "processed"). In our opinion "consent" is not required for much of the "processing" done by clubs, because the processing would qualify for one of the alternative lawful reasons allowed by the GDPR (most obviously those of "legitimate interest" or "performance of a contract").

For a good introduction to how the GDPR affects golf clubs—including examples  of "consent" versus "legitimate interest"—we recommend reading Golf England's GDPR briefing.

CLUB View & the GDPR

We have been working to ensure that clubs can continue to use the CLUB View system while complying with the new requirements of the GDPR. We anticipate that a number of things will need to be in place to achieve this, and are committed to implementing the necessary changes by the May deadline.

Currently available resources

  • If you need information about the cookies that may be set on your CLUB View website, details of what personal data your site records for users, or to find out about the security of our system, please refer to our dedicated article on cookies, privacy and security.

Forthcoming changes

We have been working hard on a number of GDPR-related matters, including:

  • the contracts required under the GDPR to govern the controller-processor relationship between a club and CLUB View;
  • completing the rollout of HTTPS encryption for all club sites;
  • allowing members to opt in or out of different types of mailings (e.g. marketing messages, as opposed to club information);
  • the ability for the club to set default privacy settings for all current members & future new members (e.g. whether 'directory of members' is opt-in or opt-out, which elements of a member's contact information are shown in the directory, email opt-out settings, etc)
  • a one-off GDPR 'wizard' members are required to complete when they log in for the first time (to alert them to the club's revised privacy policy, seek consent if/where required, etc);

We are currently contacting all our clients with further details of these changes; please sign up to our GDPR mailing list to be included in these mailings. This page will also be updated with the same information.

External resources

More in-depth information on the GDPR can be found in the online guides produced by the Information Commissioner's Office (United Kingdom) and the Data Protection Commissioner (Ireland).

Have more questions? Submit a request

0 Comments

Article is closed for comments.
Powered by Zendesk