How JustAnswer Works:
  • Ask an Expert
    Experts are full of valuable knowledge and are ready to help with any question. Credentials confirmed by a Fortune 500 verification firm.
  • Get a Professional Answer
    Via email, text message, or notification as you wait on our site. Ask follow up questions if you need to.
  • Go back-and-forth until satisfied
    Rate the answer you receive.
Ask Jenny Your Own Question
Jenny, Solicitor
Category: Law
Satisfied Customers: 7774
Experience:  Qualified Solicitor specialising in Employment Law and general legal matters. Please start your question For Jenny Only
Type Your Law Question Here...
Jenny is online now

Would you please advise as to what the requirements are for

This answer was rated:

would you please advise as to what the requirements are for ensuring we act accordingly and within the law re data protection ( best protection at least cost )for our sport and social club members and employess
JA: That depends on how many expert areas you want to subscribe to and how many questions a month you want to ask.
Customer: All we do is hold names and addresses ( manually at the moment ) for our members and employees What sort of questions are you referring to ?
JA: Where are you? It matters because laws vary by location.
Customer: Cradley Heath in West Midlands
JA: What steps have you taken so far?
Customer: I have been tasked with ensuring we are law compliant but have no idea what that means in this scenario and should we be overly concerned ( I always thought data protection was more a necessity re internet/computer usage ? )
JA: Anything else you want the Lawyer to know before I connect you?
Customer: Unless there is an obvious question that i should be asking ??? we are a sports and social club that has information re certain personal data for our members and employees such as names, addresses and telephone numbers

Hello my name is***** am a solicitor and I will be assisting you with your query today.

The ICO has a very useful guide to DATA protection for small to medium businesses which I have attached here.

This gives full guidance to the minimum requirements under the Data Protection ACT and GDPR for businesses so you should find it a very useful starting point.

Do you have any further questions about this please?

Customer: replied 4 months ago.
ok - I am representing a sports and social club where we hold names, addresses and maybe phone numbers of members and employees - what level of data protection policy do we need. Just received your link but before I refer to that will it be necessary to pay for a service in a scenario like this or can we set up our own referring to the legal requirements
Customer: replied 4 months ago.
havent got the authority yet to incur further costs re a phone call - i have already paid the £5 out of my own money - have a meeting on thursday so may be ab le to call after that but just need informative information and potential cost involvement

You don't need to pay for a service, although you will easily find a service that will do this for you.

So long as you comply with the main principles you should not have a problem.

Broadly put you need authority to store data from the individual it refers to , such as members of the club, contractors.

You should not retain data for longer than necessary.

You should not give data about an individual to a third party without their consent.

You should ensure you dispose of data securely.

There is no need for a call at this stage.

I would suggest you read through the link to determine if you believe your organisation has the resource to handle this yourself.

Most small organisations would not outsource work of this nature.

Do you have any further questions about this please?

Customer: replied 4 months ago.
not at the moment then I will go to the link - thankyou for your help

no problem, I would be very grateful if you would take the time to rate my answer so that I can be credited for working on your question today. Thank you and all the best.

Customer: replied 4 months ago.
Sorry having referred to the link and read some of the information I have another question I would appreciate an answer for - We only have names addresses, telephone numbers and some email addresses for in-house activities like staff pay, membership renewals and issuing meetings minutes - we do not have a website that uses any of this information so is an official data policy a necessity or would a basic notice stating we do not use the information for anything else or share with third parties suffice ?

Hi in an ideal world there would be a copy of a policy in the office which states that you are compliant and what you will do with data after the usage is over.

You can then just have a notice and state that there is a policy available on request.



Jenny and 5 other Law Specialists are ready to help you