You don't need to pay for a service, although you will easily find a service that will do this for you.
So long as you comply with the main principles you should not have a problem.
Broadly put you need authority to store data from the individual it refers to , such as members of the club, contractors.
You should not retain data for longer than necessary.
You should not give data about an individual to a third party without their consent.
You should ensure you dispose of data securely.
There is no need for a call at this stage.
I would suggest you read through the link to determine if you believe your organisation has the resource to handle this yourself.
Most small organisations would not outsource work of this nature.
Do you have any further questions about this please?