Where shooting clubs and syndicates are concerned there is no definitive answer to the question ‘Do we have to register under the General Data Protection Regulations (GDPR)?’ however, in the majority of cases the answer is likely to be ‘No’. The exemption from registering with the ICO that is likely to be relevant for clubs and syndicates is that for “Not for Profit” organisations. This exempt purpose is intended for small clubs, voluntary organisations, church administration and some charities. For further information click here.
‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’) who can be directly or indirectly be identified by reference to an identifier such as name, identification number, location data or online identifier. GDPR can apply to automated personal data and manual filing systems.
‘Processing’ means any operation or set of operations which is performed on the personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
‘Controllers’ determine the purposes and means of processing personal data.
Further information relating to whether you are a ‘Controller’ which includes a self-assessment questionnaire to establish whether or not you need to register, can be found on the Information Commissioner’s website.
‘Processors’ are responsible for processing ‘personal data’ on behalf of a ‘Controller’.
What to do when processing:
When processing ‘personal data’ it should be:
- Processed lawfully, fairly and in a transparent manner.
- Collected for specified, explicit and legitimate purposes.
- Adequate, relevant and limited to what is necessary.
- Accurate and where necessary kept up to date.
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which those data are processed.
- Processed in a manner that ensures appropriate security of the personal data.
Overarching the above, Accountability is central to GDPR, data controllers are responsible for compliance with the principles and must be able to demonstrate this to data subjects and the regulator.
Data Protection Help Line
Try the GDPR FAQ section at https://ico.org.uk/for-organisations/resources-and-support/getting-ready-for-the-gdpr-resources/
Telephone: 0303 123 1113 or 01625 545745
Request for information
If you would like to request information held by the ICO in its capacity as a public authority please see https://ico.org.uk/about-the-ico/our-information/request-information-from-us/ or alternatively contact the Information Access Team at firstname.lastname@example.org
Information Commissioner’s Office
In addition to the head office in Wilmslow, there are also offices in Scotland, Wales and Northern Ireland. Please send notification forms to the Wilmslow office, not the regional offices.
The Information Commissioner’s Office – Scotland
45 Melville Street
Tel: 0303 123 1115
Information Commissioner’s Office – Wales
Tel: 029 2067 8400
Fax: 029 2067 8399
Information Commissioner’s Office – Northern Ireland
14 Cromac Place
Tel: 02890 278757 or 0303 123 1114