GDPR - General Data Protection Regulation

[HomerJSimpson]

As far as I know we're all done and dusted at our place and the upshot is that members names and phone numbers are no longer in the club diary .

Only a slight tangent with this if I may, how many clubs still publish this information in diaries. In my experience, a lot of the mobiles seem to change throughout the season anyway. How do other clubs do it? What happens if you have to contact an opponent in a knock out match. I would prefer to see a facility on the members section for this sort of thing, where it can be password protected, and is far easier to update my club admin staff if details change. Where would that fit in to GDPR?

 

[larmen]

It's big in my line of work too. If i'm correct all golf clubs will need to get formal written acceptance from their members to actually hold their data/details on file ? I'm yet to be contacted about this by mine and am not sure how they're embracing it but I know the May deadline is fast approaching. It's going to be an enforcement minefield but there will be a major scapegoat somehwhere in the early stages i'm sure of that.

I think with members you might not need permission as there is legitimate interest. If you are a current member it 'can be assumed' that you are happy if your club keeps holding the data. You might have to think about deletion of previous members.

My worry would be green fee paying visitors. Do you keep their data, or do you delete after the round.

 

[Wilson]

I think with members you might not need permission as there is legitimate interest. If you are a current member it 'can be assumed' that you are happy if your club keeps holding the data. You might have to think about deletion of previous members.

My worry would be green fee paying visitors. Do you keep their data, or do you delete after the round.

Wouldn’t that depend on whether you have their permission to store their data?

 

[larmen]

Wouldn’t that depend on whether you have their permission to store their data?

That kind of depends on your interpretation of the GDPR. You need to store members data anyway to fulfil their membership. May it be a magazine, tee time booking, discount in the bar or pro shop, ... . Just try placing any order online and disable your cookies. It's not possible.

I read the whole GDPR document and my initial interpretation was that you have to get explicit permission for every diddly bit about any personable identifiable bit of data. But the company I work for hired a GDPR consultant and trained a new DPO, and we are now going with 'legitimate interest' which is industry standard in our sector. If someone purchases from us we can store their data for fulfilment purpose, can keep it a couple of years for VAT purposes, but we can also send marketing material (not email!) as a purchase registers legitimate interest.

The problem is that the ICO hasn't yet actually published the interpretation of the GDPR. Therefore no-one knows what exactly is expected. But we can show that as a business we have taken significant steps to compliance, so we are secure. So they say. That doesn't mean that it will turn out to be right. Best is to get proper advise from an expert.