The following advice from CCPR's Compliance Officer
Compliance Alert – Data Protection
With effect from 6 April 2010 the Information Commissioner’s Office (ICO) acquired new powers and a new penalty regime exposing employers to a possible maximum fine of £500,000 for a serious breach of the Data Protection Act.
In sport, where the focus is on operational delivery there is a risk in terms of Data Protection of non-compliance with the Principles of the Act and with the Act itself in favour of getting ‘jobs’ done. Any organisation that collects personal data about identifiable individuals such as coaches, officials, players and supporters, should review its policies and procedures to ensure it is fully compliant with the Act.
CCPR has produced a Toolkit to assist club officers checking compliance to the legislation. This is supported by a Guidance Note and an Appendix providing definitions of the terms used in data protection.
Advice from Sport & Recreation on the impact of the Data Protection Act – September 2011
Following the recommendations in its Red Card to Red Tape report, the Alliance has met with the Information Commissioner’s Office (ICO) to discuss the impact of data protection laws on sports clubs. This positive and informative meeting has clarified the requirements of the Data Protection Act 1998 on sports clubs, and given the sector an insight and opportunity to input into proposed changes for the future of this legislation.
It has been agreed that data protection law should be appropriate to the size and nature of what an organisation is doing and the sensitivity/confidentiality of the information involved.
As a result expectations and requirements placed on sports clubs should follow a principle of reasonableness where if no attempt has been made to deceive or mislead someone about the purposes for which their data will be used, then it is unlikely that using the data for those purposes would constitute a breach of the legislation.