Data Protection Policy
Data Protection Policy
Key Details
• Policy prepared by: Data Protection Committee
• Approved by Management committee on: September 11th 2018
• Policy operational from: September 2018
• INTRODUCTION
Ballinascorney Golf Club needs to gather and use certain information about its members and other people that the club has a relationship with or may need to contact. This policy describes how this data must be collected handled and stored to comply with the current data protection law
POLICY SCOPE
This policy applies to
• The Management Committee of Ballinascorney Golf Club
• All Committees of Ballinascorney Golf Club
• All members and volunteers of Ballinascorney Golf Club
• All other people who work on behalf of Ballinascorney Golf Club
It applies to all data that the club holds relating to identifiable individuals and includes
• Names of individuals
• Postal addresses
• Email addresses
• Telephone numbers
• Any other information relating to members
This data protection policy ensures that Ballinascorney Golf Club
• Complies with data protection law and follows good practice
• Protects the rights of members and other contacts
• Is open about how it stores and processes individuals’ data
• Protects itself from the risks of a data breach
DATA PROTECTION LAW
The Data Protection Law outlines how organisations must collect handle and store personal information
These rules apply regardless of whether data is stored electronically, on paper or in any other way
The Data Protection Law is underpinned by a number of key principles – which are
• Be processed fairly and lawfully
• Be obtained only for specific lawful purpose
• Be adequate, relevant and not excessive
• Be accurate and kept up to date
• May not be held for longer than necessary
• Be processed in accordance with the rights of data subjects
• Be protected in appropriate ways
This policy helps protect the club from data security risks including
• Breaches of confidentiality – for example information being given out inappropriately
• Failing to offer choice – all members should be free to choose how the club uses data relating to them
• Reputational damage – the club could suffer if there was unauthorized access to sensitive data
RESPONSIBILITIES
Each person who works on behalf of the club in any capacity and handles personal data, has responsibility for ensuring that data is collected, stored and handled in line with this policy and data protection principles. The following have key areas of responsibility:
The Captains of the respective Men’s and Ladies clubs will be responsible for appointing committee members to have access to sensitive data and ensuring committee members are familiar with this policy
The Management Committee and Trustees of Ballinascorney Golf Club are ultimately responsible for ensuring that the club meets it’s legal obligations
The Data Protection Committee will
• Keep the Management Committee updated about data protection risks and issues.
• Review all data protection procedures and policies in line with an agreed schedule
• Advise and liaise with the Hon. Secretary to respond to any data protection questions from committees or members
• Liaise with the management committee in respect of any contracts or agreements with third parties who may handle the club’s sensitive data
GENERAL GUIDANCE FOR DATA HANDLING
• The only persons able to access data covered by this policy must only be those who need it for their specific function in the club as designated by the management committee
• Data should not be shared informally – should access to confidential data be required by committee members, they can request it from the relevant designated person
• Designated persons must keep all data secure
• Personal data relating to members must not be disclosed to unauthorized people either within the club or external third parties
• If committee members are unsure about any aspect of data protection they should request help through the Hon Secretary from the Data Protection Committee
DATA STORAGE
When data is stored on paper it must be kept in a secure place where unauthorized people cannot see it.
• Sensitive data must never be removed from the club premises.
• When not required files must be kept in a locked cabinet
• Care must be taken that paper and printouts are not left where unauthorized people could see them
• Data printouts must be shredded and disposed of securely when no longer required
When data is stored electronically it must be protected from unauthorized access, accidental deletion and malicious hacking attempts
• Strong passwords must be used on all electronic devices and should never be shared
• Data should only be stored on designated devices and only uploaded to approved cloud computing services
• All servers must be protected by approved security software and a firewall
DATA USE
• Only designated persons should have access to computers containing personal data and should be sited in a secure location
• Screens for computers containing sensitive data should be locked when not in use
• Designated persons with access to sensitive data should not save copies of personal data to their own computers or laptops
• Data should not be shared informally and never sent by email as this form of communication is not secure
DATA ACCURACY
The law requires that Ballinascorney Golf Club take reasonable steps to ensure data is kept accurate and up to date
• Data will be held in as few as places as possible
• Designated persons should not create any additional data sets
• The Hon Secretary should take every opportunity to ensure data is updated on a regular basis
• If data is discovered to be inaccurate or no longer required, it should be corrected as soon as possible or deleted
DATA ACCESS REQUESTS
All persons who are the subject of personal data held by Ballinascorney Golf Club are entitled to
• Ask what information the club holds on them and why
• Ask how to gain access to this information
• Be told how to keep it up to date
• Be informed how the club is meeting its data protection obligations
Data access requests from individuals should be made to the Hon Secretary at admin@ballinascorneygolfclub.com
The Hon Secretary will always verify the identity of anyone making a data access request before handing over any information
The Hon Secretary, in consultation with the data protection committee, will aim to provide the relevant data within 14 days
A small fee may be charged per subject access request
Disclosing data for other reasons
In certain circumstances, the Data Protection Law allows personal data to be disclosed to law enforcement agencies without the consent of the data subject
In these circumstances, Ballinascorney Golf Club will disclose the requested data, however the Hon Secretary will ensure the request is legitimate and will seek assistance from the management committee and the club’s legal advisors if necessary
Providing information
Ballinascorney Golf Club has a Privacy Statement setting out how data relating to individuals is used by the club. It is available on request and is also available on the club website
Data Breach
In the event of data held by Ballinascorney relating to individuals being lost / stolen the following procedure must be followed
• Notify the Hon Secretary immediately the breach is identified
• The breach must be notified to the Data Protection Commission within 72 hours via the ‘notification of data breach form’ available on www.dataprotection.ie/docs
• Where a breach presents a risk to the individuals affected, they must be informed without delay
Prepared on Behalf of the Management Committee by the Data Protection Sub Committee
Ita Redmond Des Hogan
Joan Keegan Gerry Lawlor
Anne Brennan Tom Doddy