Instructions to Race Organisers, Run Leaders, Coaches and Volunteers in relation to the General Data Protection Regulation

New stringent regulations have been introduced to safeguard members’ privacy. Very large fines can
be imposed in the event of breaches of the new rules. In the course of your activities for the Club
you may need to have access to data that is protected by the legislation.

“Data” includes, inter alia, name, date of birth, gender, URN number, e-mail address, address,
telephone number, details of other England Athletics affiliated club memberships, and details of any
coaching or officiating licences.

It is essential that you access data only on a need to know basis. If you are in possession of data it is
essential that it is kept securely and not passed on to anyone else other than on a need to know
basis and certainly not to anyone outside the Club other than an organisation organising an activity
in which Club members are participating. Once you have concluded the activity for which the data
was required you must delete it permanently from any device upon which it is held.

Data should never be stored on an electronic device which is not password protected. Any electronic
device must be stored securely.

In the event of a suspected Data Protection breach this must be communicated straight away to the
Club Secretary and in any event within 24 hours. The Club Secretary must within 72 hours report any
suspected breach to the Information Commissioner.

Basically use your common sense and be careful not to lose devices that hold what you may consider
to be innocuous information but which is in fact data and remember to delete any information that
you have acquired immediately after a course/ event has concluded.