English Indoor Bowling Association Ltd

GENERAL DATA PROTECTION REGULATION (GDPR)
On 25 May 2018, the Data Protection (Charges and Information) Regulations 2018 (the 2018 Regulations) came into force, changing the way we fund our data protection work.

Under the 2018 Regulations, organisations that determine the purpose for which personal data is processed (controllers) must pay a data protection fee unless they are exempt.

The new data protection fee replaces the requirement to ‘notify’ (or register), which was in the Data Protection Act 1998 (the 1998 Act).

Although the 2018 Regulations come into effect on 25 May 2018, this doesn’t mean everyone now has to pay the new fee. Controllers who have a current registration (or notification) under the 1998 Act do not have to pay the new fee until that registration has expired.”


Have you paid the annual data protection charge?

All organisations in the sport and recreation sector that process personal data are required to pay an annual data protection charge to the Information Commissioner's Office (ICO) unless a relevant exemption applies. “Processing personal data” includes simply collecting and storing details of members, teachers, coaches and participants so this does affect a large majority of us, including the smallest organisations.

It is a legal requirement to pay the charge, and failure to do so could result in a fine, but it does also make good business sense as it could have an impact on your organisation’s reputation. Once you have paid, your organisation’s details are published on the Information Commissioner’s register of data controllers.

There are three levels of charge payable:

1. Micro organisations (including sole traders) pay £40;
2. Small and medium organisations pay £60; and
3. Large organisations pay £2,900. Payments made by direct debit will automatically receive an annual £5 deduction.

The ICO have provided a very helpful, easy-to-use online tool to help you determine if payment is necessary; you can find the self-assessment tool on the ICO website. It is also important to make sure you are paying the correct level of charge - the charge-assessment tool will indicate the level you are required to pay.

If you are a data controller and do not pay the charge, or you pay the incorrect charge when required to do so, then you risk enforcement action by the ICO. The maximum fine is £4,350. Don’t get caught out!

Resources

Self assessment tool

Charge Assessment tool

Sport and Recreation Alliance
EIBA Privacy Notice
GDPR Email January 2018 to EIBA Contacts


The ICO are the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals

Sport and Recreation Alliance help get the nation active at the grassroots by providing advice, support and guidance.
 Archives  |  Downloads  |  Guidance Notes  |  Links  |  Photos  |  Contact Us  |  Privacy Statement