As readers of The Club Room will know, the GDPR comes into force on 25th May 2018 replacing the Data Protection Act 1998 (DPA).

Back in July’s edition of The Club Room we provided readers with an overview of the new Regulations to help you start thinking about what you need to do in order to ensure you are compliant when they come into force. We promised a more detailed Guidance on the GDPR and Subject Access Requests which we have now finalised.

GDPR applies to all organisations that process data, regardless of size or legal status (e.g. incorporated or unincorporated) or tax status (e.g. charity or CASC). There are no exemptions and clubs should note the fines for getting it wrong are potentially huge.

Do remember that although the Regulations do not come into force until 25th May 2018, as from that date you will be expected to be compliant. We therefore strongly advise that you get underway now.

If you have any further questions please email legal@rya.org.uk