European Users GDPR ( General Data Protection Regulation)

194 views
Skip to first unread message

JK Race Timing Systems

unread,
Feb 15, 2018, 5:59:10 AM2/15/18
to Agee Race Timing Users Group

Hi
Just a general question in relation to the upcoming new data protections coming into effect in may.
I am finding it difficult to understand if it even any of applies to us but some of it does sound like it warrants deeper investigation.

Has anyone prior knowledge of this new regulation and already has some information in relation to the data collected during a simple race.
Any help appreciated so that I can see if this is a requirement or not
Many thanks

Ted Finch

unread,
Feb 16, 2018, 4:36:22 AM2/16/18
to Agee Race Timing Users Group
Attached is a Green paper on GDPR from 2016. I am not an expert and can't give legal or compliance advice.

I think that we must explicitly:
  • Explicitly obtain permission to gather, process and store personal data for processing the specific race. This may be obtained by the promoter and as a sub contractor timers comply with that permission.
  • For U16 parental consent must be given.
  • Obtain permission to transfer data within the EU for specific statistical purposes. e.g. to UK Athletics, Powerof10
  • Not use personal data for other purposes e.g. mail shots, unless explicit permission has been given.
  • Enable individuals to remove permissions and to remove personal data if requested by the individual.
  • Restrict international data transfer unless there are specific contractual data protection regulations. This could effect use of services such as RunSignUp in the US from the EU
  • To demonstrate that personal data was secure and hold all archived race data securly, not publicly accessible.
  • Not share data with other organisations unless specific permission has been obtained.
I can envisage a scenario where a race entrant wishes to remain anonymous and not have their name published for personal security reasons. In this case we would have to have sufficient information to time the race but only publicly publish a result with an 'unknown' runner and anonymise any archived race data.

In summary, obtain explicit permission to hold and process personal data for the purpose of race timing and don't use the data for anything else. Hold the data securely and don't share it. Consider very carefully if any data may go outside the EU.

Ted


Green Paper_EU GDPR Compliance Guide.pdf
Reply all
Reply to author
Forward
0 new messages