£500,000 fines for breaching data protection regulations

Sports clubs and organisations must ensure that they are up to speed with the latest data protection procedures, as breaches of the law can now incur fines of up to £500,000. Nearly all organisations process personal data – they collect it, use it, disclose it, buy it, store it – and they are breaking the law if they haven’t notified the Information Commissioner’s Office (ICO) about their data processing. But compliance with the law goes much further than that, and the ICO is coming down hard on organisations that cannot prove that they have sound information governance in place, i.e. that their staff are regularly trained in this area; that they have data policies and procedures in place; that they have the infrastructure to audit their data processing practices; and generally that they take a risk assessment approach to privacy protection.

Absolute Data is committed to ensuring sports organisations create and follow realistic data protection policies and procedures within the law.

• They spend time getting to know what data-related activity your business participates in.

• They provide you with appropriate data protection policies and procedures that accurately reflect your activities.

• They provide training packages for staff, covering not only the importance of data protection but also how to ensure that you are fully adhering to data protection law.

Clients can be provided with a data protection toolkit, which offers a robust and effective solution for reducing the risk of data breaches; some clients opt for a retained consultancy service. Here are the top 10 steps to assessing whether you are likely to be running unnecessary risks in your organisation:

1. Do we have an ICO notification and how often do we check it?

2. What purposes have we notified?

3. What do we do to check whether we comply with the data protection law(s)?

4. Do we have a privacy policy, where is it, and is it fair and lawful?

5. Do new starters have a DPA element to their induction?

6. Do we train staff in our data protection policies and DPA in general at least annually?

7. Do we have a list of the data we process, what it comprises, where it is, and who has access to it?

8. What do we do to check how secure our IT is – all of our IT not just our servers?

9. Are our IT or computing suppliers (e.g. backup, hosting, Cloud, repairs etc.) on a sound agreement with us?

10. Do we have a process for risk assessing data protection and privacy issues?

To find out more about data protection and Absolute Data’s services, give us a call now: 01423 790125.