British Canoeing have issued a GDPR Toolkit to clubs, to help them work out whether any of their practices must change with the arrival of the new data protection regulations on Saturday 26th May.
For race organisers, until specific advice comes from British Canoeing, the MRC would advise a common-sense approach.
GDPR compliance is rooted in a simple concept of privacy first. So as long as you take all reasonable steps to keep private the paddlers’ personal data that you handle, and only use data for the purpose intended by those paddlers, you can use it with confidence:-
1. Current uses of entry data fall into “reasonable use”, and by entering a race a paddler may be considered to have given consent for the data submitted to be used for the calculation and publication of results and rankings. No extra personal sign off should be needed and the team leader may be confident that they have permission to use it for this purpose.
2. Clubs should only hold this data until it is passed, in result files, to the RMA and race records officer. At this point there is no reason to retain it and it should be deleted. Clubs can link their websites to the official MRC results page if needed.
3. RMAs and the race records officer will need to hold the data until the end of the season for calculation of Hasler final places. After this they should also delete it.
4. Results will remain on the MRC website as a historical record of the event. Paddlers may request deletion of their historical data by email. Please note that you are welcome to request that all your data be deleted, but we don’t have the resource to retrospectively correct mis-spellings or omissions in old race results!