General Data Protection Regulation (GDPR) Compliance Statement
Laois Cricket Club’s policies around the GDPR are designed to be in line with guidelines stipulated by Sport Ireland, Cricket Ireland, Cricket Leinster, the International Cricket Council (ICC) and other relevant sporting authorities and bodies as well as the legislation set down under European and Irish law.
We are committed to the principles inherent in the GDPR and particularly to the concepts of privacy by design, the right to be forgotten, consent and a risk-based approach. In addition, we aim to ensure:
Our Data Protection Officer (DPO), who works to promote awareness of the GDPR throughout the club. Our DPO oversees the Club’s commitment to best practice and inform and advise players, coaches, officers in addition to all other club members and monitors compliance.
It forms part of the induction training of all new members and follow-up sessions will be put in place if the legislation changes or further guidance is available.
We recognise the right to erasure, also known as the right to be forgotten, laid down in the GDPR.
Subject access requests We recognise that individuals have the right to access their personal data and supplementary information and will comply with the one month timeframe for responses set down in the GDPR.
As a general rule, a copy of the requested information will be provided free of charge although we reserve the right to charge a “reasonable fee” when a request is manifestly unfounded or excessive, particularly if it is repetitive. If this proves necessary, the data subject will be informed of their right to contest our decision with the supervisory authority (the Information Commissioner’s Office (ICO)).
As set out in the GDPR, any fee will be notified in advance and will be based on the administrative cost of providing the information.
We will implement data protection “by design and by default”, as required by the GDPR. Safeguards will be built into club procedures around data collection and retention.
The privacy notice, which is on our website and which is provided to anyone from whom we collect data, explains our lawful basis for processing the data and gives the data retention periods. It makes clear that individuals have a right to complain to the DPC. We have conducted a privacy impact assessment (PIA) to ensure that privacy risks have been properly considered and addressed.
Privacy Information Notices: Can be provided upon request by the Data Protection Officer (DPO). (including Frequently asked questions about our GDPR compliance)
The GDPR provides for special protection for children’s personal data and we will comply with the requirement to obtain parental or guardian consent for any data processing activity involving anyone under the age of 18. Systems have been introduced to verify individuals’ ages.
If a data breach occurs that is likely to result in a risk to the rights and freedoms of individuals, the people affected will be informed as soon as possible and the DPC will be notified within 72 hours.
COVID 19 Data Retention and Collection.
In the current circumstances, the club wishes to confirm that in compliance with our statutory obligations, all the above policies, mechanisms and procedures apply to the collection and retention of data relating to adherence of COVID19 measures. Further information will be provided to club members in due course and upon request