The European General Data Protection Regulation (GDPR) came into force on 25th May 2016 and applies in all European Union Member States from 25th May 2018 (and also in UK post Brexit).
In the context of GDPR, an individual is known as a ‘data subject’.
Under GDPR, consent must be ‘freely given, specific, informed and an unambiguous indication of the subject’s wishes by which he or she, by a statement of clear affirmative action, signifies agreement to the processing of personal data relating to him or her’.
The Club should hold no more data beyond what is strictly required and only for as long as is needed.
For further details on how we comply with GDPR, see the file below.