Data Protection
GDPR Information for Club Officers and Members
Steps for Tennis Ireland Clubs to Ensure Compliance
Each Tennis Ireland club must understand the principles of Data Protection and how GDPR impacts them. Here are some key steps for clubs to follow:
Increase Awareness
GDPR benefits everyone by safeguarding personal data from misuse by organizations. As a Data Controller, each Tennis Ireland club is accountable for how it collects, uses, and stores information about its members. It’s crucial for all members to understand the changes brought by GDPR and how they affect both volunteers and club members.
Awareness about GDPR extends beyond clubs to cover other areas of life, such as banks, insurance companies, and online services. Clubs should ensure that committee members, coaches, volunteers, and anyone involved with the club are aware of GDPR principles and practices.
Ensure Understanding
Each Tennis Ireland club should inventory the personal information it holds, including:
- Why it is held.
- How it was obtained.
- Why it was originally gathered.
- Retention period.
- Security measures.
- Any third-party sharing.
The main source of personal information is usually the club’s membership database. All members’ data is held on the Tennis Ireland Membership System, and clubs share responsibility for protecting this data.
For paper membership forms, it’s essential to obtain the member’s consent to store their information, using checkboxes to signify consent. These forms should be securely stored once completed. Tennis Ireland will be updating its forms to include these guidelines.
If your club uses third-party systems for registration or messaging, ensure these providers are GDPR-compliant. Contact them to verify compliance if necessary.
Likely Categories of Personal Data Held by Tennis Ireland Clubs
Common types of personal data that may be held include:
- Garda Vetting information
- Application forms
- Messaging systems
- Email lists
- Team sheets
- Data on club websites
Each club should maintain a record of all personal data they control.
Clear Communication
GDPR requires clubs to inform individuals about why their data is being collected and who will access it. Membership and other forms should clearly state:
- Club identity
- Purpose of data collection
- Data usage
- Sharing practices
- International transfers (if applicable)
- Legal basis for data processing
- Retention period
- Rights to complain
- Other GDPR personal privacy rights
Tennis Ireland has developed updated membership forms to reflect these requirements, available soon.
Ensure Personal Privacy Rights
GDPR provides rights that every Data Controller, including Tennis Ireland clubs, must support. These rights include:
- Access to personal data (Subject Access Request) within one month
- Correction of inaccuracies
- Data erasure
- Right to object to direct marketing
- Data processing restrictions
- Data portability (useful when switching service providers)
Keeping an updated inventory of personal data will enable timely response to Subject Access Requests.
Obtain and Manage Consent
GDPR mandates that individuals are informed about data usage and retention before giving consent. Consent must be explicit, informed, and verifiable, and an audit trail should be kept. For minors, consent must be provided by a parent or guardian.
Report Data Breaches
If personal data is lost, stolen, or accessed without authorization, it must be reported to the Data Protection Commissioner within 72 hours. Notify individuals if the breach poses a risk to them. Clubs should have a procedure for detecting and reporting breaches.
Data breaches must be addressed; ignoring them is not an option. For advice, contact Tennis Ireland’s Data Protection Officer or submit a Data Breach Report via our online form.
Ensure Privacy by Design
GDPR encourages “privacy by design,” requiring that all new processes and initiatives comply with GDPR. Clubs planning projects involving new technologies or CCTV installation should conduct a Data Protection Impact Assessment to address potential privacy issues and identify risk mitigation strategies.
Appoint a Data Protection Representative
Each Tennis Ireland club should appoint a representative to oversee GDPR compliance, maintain consent records, and identify where data is stored.
Privacy Statement
Tennis Ireland is dedicated to protecting your privacy and delivering a safe online experience. This Privacy Statement applies to the Tennis Ireland website and covers data collection and usage. By using the Tennis Ireland website, you consent to the data practices outlined in this statement.
