Data Protection and the GDPR
Significant changes to Data Protection legislation are in effect since the 25th May 2018. The General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018 have an impact on how the GAA, at all levels, engages with its members. It is important that every GAA Club, County, Province, and indeed every member, is aware of how these changes in the law will affect the ways in which Personal Data can be collected and used for GAA purposes.
What is Data Protection?
Data Protection legislation is intended to protect the right to privacy of individuals and seeks to ensure that Personal Data is used appropriately.
Personal Data is any information that can be used to identify a living person such as Name, Date of Birth, Address, Phone Number, Email address, Membership Number, IP Address, photographs etc.
There are other categories of information defined as Special Categories of Personal Data which require more stringent measures of protection and these include racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Children’s data and data relating to criminal convictions or offences should also be afforded a higher level of protection.
7 Principles of Data Protection:
Lawfulness, Fairness, Transparency
Purpose Limitation (Use only for one or more specified purposes)
Data Minimisation (Collect only the amount of data required for the specified purpose(s))
Accuracy (Ensure data is kept up to date, accurate and complete)
Storage Limitation (Kept for no longer than necessary for the specified purpose(s))
Integrity and Confidentiality (Processed ensuring appropriate security of data)
Accountability (Essential not only to be compliant, but to be able to demonstrate compliance)