Introduction
Organisations have legal obligations when it comes to the collection and use of personal data provided by people taking part in activities. These Top Tips explain the main aspects of data protection legislation and offer practical advice on how these relate to the provision of sports activities.
The Data Protection Act 1998 (DPA)
The DPA sets out the key principles for the storage and use of information relating to individual people (eg a person’s full name, address, date of birth, National Insurance or NHS number, reports referring to the individual etc). The guidelines below will help you to comply with the requirements of the DPA. Compliance with the DPA is not only a legal requirement; there are also good management reasons for adhering to its principles. For example, using out-of-date or inaccurate data could result in complaints, or failing to follow correct procedures when processing and storing information could have serious consequences.
Principles of the DPA
There are eight data protection principles. Personal data should be:
- fairly and lawfully processed
- processed for limited purposes
- adequate, relevant and not excessive
- accurate and up to date
- not kept for longer than is necessary
- processed in line with your rights
- secure
- not transferred to other countries outside the European Economic Area (EEA) without adequate protection.
NB: Personal data covers any data that identifies a living person. Data covered in the Act includes electronic (eg emails), manual (eg paper files/photos) and recorded data (eg CCTV/voice recognition) – anything that can identify an individual.
Registration Forms and Surveys
Registration forms or surveys must contain a data protection clause, which should include the name of the organisation collecting the data and state the purpose(s) for which the information will or may be used:
| Thank you for signing up for this activity. Your answers are confidential. We, [insert the name of your organisation] and Sport England, will find this personal data useful in monitoring the success of our programmes and helping to plan future sports activities for children and young people. We would like to be able to send you details of any further sports opportunities that may be of interest to you. You may also be invited to take part in a survey conducted by consultants working on behalf of Sport England. We will not pass this information to any third party or use it for any other purpose. We will collect and process all personal data in line with the Data Protection Act 1998. |
The example above states the possibility of personal data, including contact details, being used for two purposes: to invite people to take part in a survey and to provide information about further sports opportunities. You should allow people to opt out of being contacted for either or both of these purposes by including the following options:
If you do not want to receive information about other sports opportunities,
please tick here
| If you do not want to take part in any future survey, please tick here | |
| If you do not want to receive information about other sports opportunities, please tick here | |
Club Membership Forms
When someone signs up to be a member of a club, it is reasonable to assume they will expect to be contacted from time to time with internal club communications and that overall membership numbers and other aggregated information may be reported externally to the sport’s national governing body. Therefore a membership form does not automatically need to have an ‘opt-out-option’ tick box, although it is good practice for membership forms to include a brief explanation of how any recorded personal data may be used. It is a legal requirement to state clearly if any personal information will be shared with a third party in a way that enables the individual to be identified, for example, by contact details.
Storing and Using Contact Details
Only use contact details for the purposes set out in the data protection statement. If you carry out a survey, responses should be kept separate from names and addresses. Do not store personal data for any longer than is necessary. If the information relates to participants in Sport England-funded activities, you should ensure all evaluation and audit requirements have been met before deleting or destroying the data.
Databases – Notifying the Information Commissioner’s Office (ICO)
The ICO is the UK’s independent authority set up to promote access to official information and to protect personal information. If you are collecting personal information and holding it electronically or manually, as well as following the eight principles of the DPA you may be required to notify the ICO. Generally, not-for-profit organisations are exempt from this requirement, but you should telephone the ICO helpline on 01625-545 745 to check whether you need to register your club. There is a standard annual administration fee for notification. Further guidance can be found in the ICO’s guide
‘Getting it right’.
Surveys
If you carry out a survey it is good practice to follow the Market Research Society Guidelines and you must comply with the DPA (and any revisions). The key points are:
- any data collected is used only for the stated purpose
- any personal data is held securely
- contact details are kept up to date
- any data with personal identifiers should only be held for up to one year
- data held without personal identifiers can be held indefinitely.
Further information is available from the Market Research Society, their website is: www.mrs.org.uk.
These Top Tips are intended as a general guide, based on legislation at the time of publication. Neither runningsports, its staff, the authors nor the reviewers can accept any liability for any loss arising as a result of reliance upon the information contained herein. Readers are strongly advised to obtain professional advice on an individual basis.
