Data Protection & General Data Protection Regulation (GDPR)
Significant changes to Data Protection legislation came into effect on 25th May 2018 which impacts on how the Association of Irish Riding Clubs, at all levels, engages with its affiliated clubs and members. It is important that every club, official and member, is aware of how these changes in the law affect the ways in which members’ personal information can be collected and used for AIRC purposes.
What is Data Protection?
Data Protection legislation is intended to protect the right to privacy of individuals (all of us) and seeks to ensure that Personal Information is used appropriately by third parties that may have it (Data Controllers).
In essence, Data Protection relates to any information that can be used to identify a living person such as their name, address, date of birth, contact number, email address, membership number, photographs, etc.
There are other categories of information which currently are defined as Sensitive Personal Data which require more stringent measures of protection and these categories include religion, ethnicity, sexual orientation, trade union membership, medical information etc.
What is GDPR?
The General Data Protection Regulations (GDPR) is a new EU legislation that came into effect on 25th May 2018.
It very clearly sets out the ways in which the privacy rights of every EU citizen must be protected and the ways in which a person’s ‘Personal Data’ can and can’t be used. It places the onus on the person or entity that collects a person’s information (Data Controller) to comply with the legislation and to demonstrate compliance.
The Data Protection Rules
Data Protection can be summarised in the following 8 ‘rules’
You must …
- Obtain and process the information fairly
- Keep it only for one or more specified and lawful purposes
- Process it only in ways compatible with the purposes for which it was given to you initially
- Keep it safe and secure
- Keep it accurate and up-to-date
- Ensure that it is adequate, relevant and not excessive
- Retain it no longer than is necessary for the specified purpose or purposes
- Give a copy of his/her personal data to any individual, on request
Useful GDPR Documents
- Joint Controller Data Sharing Agreement
- Association of Irish Riding Clubs Privacy Notice
- Example Data Processing Activity Log
- Useful Tips To Ensure GDPR Compliance
- Example of Club Privacy Notice
Data Protection Commissioner
If you require professional advice on the legal and technical points regarding the GDPR, please go directly to the Data Protection Commissioner office.