Data Protection and GDPR
Data Protection and the GDPR
Significant changes to Data Protection legislation are in effect since the 25th May 2018. The General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018 have an impact on how the GAA, at all levels, engages with its members. It is important that every GAA Club, County, Province, and indeed every member, is aware of how these changes in the law will affect the ways in which Personal Data can be collected and used for GAA purposes.
What is Data Protection?
Data Protection legislation is intended to protect the right to privacy of individuals and seeks to ensure that Personal Data is used appropriately.
Personal Data is any information that can be used to identify a living person such as Name, Date of Birth, Address, Phone Number, Email address, Membership Number, IP Address, photographs etc.
There are other categories of information defined as Special Categories of Personal Data which require more stringent measures of protection and these include racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Children’s data and data relating to criminal convictions or offences should also be afforded a higher level of protection.
7 Principles of Data Protection:
1. Lawfulness, Fairness, Transparency
2. Purpose Limitation (Use only for one or more specified purposes)
3. Data Minimisation (Collect only the amount of data required for the specified purpose(s))
4. Accuracy (Ensure data is kept up to date, accurate and complete)
5. Storage Limitation (Kept for no longer than necessary for the specified purpose(s))
6. Integrity and Confidentiality (Processed ensuring appropriate security of data)
7. Accountability (Essential not only to be compliant, but to be able to demonstrate compliance)
What does Data Protection Legislation mean to me?
• The legislation sets out rules about how this information (personal Information) can be obtained, how it can be used and how it is stored.
• Every person must give their consent for their data to be collected and processed for a specific purpose which must be communicated to them at the time the data is obtained.
• They must specifically Opt-In and must be allowed to Opt-Out at any time. They must also be given the opportunity to review the consent they have given on a regular basis (i.e. Yearly)
• Data must be kept safe and secure and must be kept accurate and up to date
• An Individual can request a copy of all of the personal information held about them (this is called a Subject Access Request) and must be allowed to have all of their data deleted or returned to them, if they so wish.