1. What is GDPR?
The General Data Protection Regulation (GDPR) defines legal requirements for data protection within the EU and applies from May 2018. It has similarities to the UK Data Protection Act 1998 (DPA) and describes new requirements, especially around individual rights. The main source for this policy is the UK Information Commissioner's Office guidelines: https://ico.org.uk/media/for-organisations/data-protection-reform/overview-of-the-gdpr-1-13.pdf.
2. Who does GDPR apply to?
GDPR applies to any organisation that stores, handles and processes information. It must be enforced if an organisation exports data to a third party (such as insurance agencies) or overseas (grade registration). It applies to written and electronic information.
3. What are the responsibilities?
Responsibilities vary depending on the role. The following roles have legal obligations:
- Data controllers (manage people who process data). This includes officers and elected officials.
- Data processors (registrars, website contributors). GDPR defines legal obligations listed below.
GDPR specifies an individual’s rights and the legal responsibilities that must be delivered. These are the rights to:
- Be informed: how information will be used. If it’s going to be stored or shared, the individual must be informed at the point of collection.
- Access: an individual can request to know what is stored and how it’s secured.
- Rectification: keep information correct, especially if shared with a third party. Any corrections must legally be addressed within a month of identification.
- Erasure: an individual can ask for information to be deleted.
- Restrict processing: the right to stop information being processed (different from erasure).
- Data portability: an individual can request a copy of information to use it themselves or elsewhere.
- Object: the right to opt out; the best example is removing themselves from marketing.
- Automated decision making & profiling: block use of information if it impacts their health, economic situation or legal situation.
4. What is personal data?
Personal data is any data, or partial data, that can be used to identify an individual. Obvious data points are items such as name, membership number or address. Less obvious items are grade (which could be combined with a grading date at a future time) or club.
5. How do I opt in?
- All UKA forms carry the following statement for members: “Data will be used by the UKA only, except where it must be shared relating to legal, insurance or grade registration. All policies can be found here: UKAikikai.org.uk/GDPR. We may contact you with aikido related news. Please tick if you do not wish to receive marketing information.”
- For those that want to opt in elsewhere, please go to the UKA website and opt into our mailing.
6. How do I opt out of processing, erasure and UKA data?
Email the UKA and state which of the following you are asking for:
- Personal data not to be automatically processed.
- Personal data to be erased.
- Not to receive marketing information. However, if you want to opt out of social media, please stop following the relevant account or unsubscribe where options are available.
- Your personal data not to be processed in future.
- A copy of your personal data. This will incur an admin fee of £30.