Where shooting clubs and syndicates are concerned there is no definitive answer to the question ‘Do we have to register under the General Data Protection Regulations (GDPR)?’ however, in the majority of cases the answer is likely to be ‘No’. The exemption from registering with the ICO that is likely to be relevant for clubs and syndicates is that for “Not for Profit” organisations. This exempt purpose is intended for small clubs, voluntary organisations, church administration and some charities. For further information click here.
Definitions:
‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’) who can be directly or indirectly be identified by reference to an identifier such as name, identification number, location data or online identifier. GDPR can apply to automated personal data and manual filing systems.
‘Processing’ means any operation or set of operations which is performed on the personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
‘Controllers’ determine the purposes and means of processing personal data.
Further information relating to whether you are a ‘Controller’ which includes a self-assessment questionnaire to establish whether or not you need to register, can be found on the Information Commissioner’s website.
‘Processors’ are responsible for processing ‘personal data’ on behalf of a ‘Controller’.
What to do when processing:
When processing ‘personal data’ it should be:
- Processed lawfully, fairly and in a transparent manner.
- Collected for specified, explicit and legitimate purposes.
- Adequate, relevant and limited to what is necessary.
- Accurate and where necessary kept up to date.
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which those data are processed.
- Processed in a manner that ensures appropriate security of the personal data.
Overarching the above, Accountability is central to GDPR, data controllers are responsible for compliance with the principles and must be able to demonstrate this to data subjects and the regulator.
Data Protection Help Line
Try the GDPR FAQ section at https://ico.org.uk/for-organisations/resources-and-support/getting-ready-for-the-gdpr-resources/
Telephone: 0303 123 1113 or 01625 545745
Request for information
If you would like to request information held by the ICO in its capacity as a public authority please see https://ico.org.uk/about-the-ico/our-information/request-information-from-us/ or alternatively contact the Information Access Team at accessicoinformation@ico.org.uk
By Post
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Fax
01625 524510
Regional offices
In addition to the head office in Wilmslow, there are also offices in Scotland, Wales and Northern Ireland. Please send notification forms to the Wilmslow office, not the regional offices.
Scotland
The Information Commissioner’s Office – Scotland
45 Melville Street
Edinburgh
EH3 7HL
Tel: 0303 123 1115
Email: scotland@ico.org.uk
Wales
Information Commissioner’s Office – Wales
2nd Floor
Churchill House
Churchill Way
Cardiff
CF10 2HH
Tel: 029 2067 8400
Fax: 029 2067 8399
Email: wales@ico.org.uk
Northern Ireland
Information Commissioner’s Office – Northern Ireland
3rd Floor
14 Cromac Place
Belfast
BT7 2JB
Tel: 02890 278757 or 0303 123 1114
Email: ni@ico.org.uk