To achieve GDPR (General Data Protection Regulation) compliance we have the processes documented below. A record of the steps taken to ensure GDPR compliance has maintainted by the webmaster ("The GDPR spreadsheet").
Coaches and volunteers should respect the access they have to member data and only use it as necessary for the administration of the club. In particular sensitive data such as health data should only be accessed when necessary. If they become aware of any daa breaches, they should follow the breach notification process below.
If anyone wishes to view or amend their personal data they should do so themselves (if they are a member). Regent's Park 10K entrants should contact the Race Organizer. Otherwise for a formal subject access request they should contact the web master stating that this is a subject access request. The webmaster should then fulfill the request, recording the data in the SAR register in the GDPR spreadsheet he/she maintains. The individual making the subject access request will be asked to verify their identity, for example by a telephone conversation where they must provide personal data matching the data we have on record for them or by semding a photocopy of their passport and driving licence.
If a data breach occurs the web master should be informed immediately. The webmaster will then add the record to the Breach Register in our GDPR spreadsheet and will notify the information commisioner of the breach within 72 hours of the breach occuring.