BDSFA Data Protection & Retainment Policy

THE GENERAL DATA Protection Regulation (GDPR), effective from 25 May 2018, governs how and why data (information) about individuals can be collected, stored, and used.

Policy Statement

BDSFA is committed to ensuring the responsible, safe, and legitimate collection, retention, and usage of personal information in order to protect individuals’ privacy, while providing controlled access to that information for those with a legitimate and permitted interest. This policy will be reviewed annually.

Data Protection

This section outlines the arrangements for collecting, using, storing, retaining, and sharing personal information. BDSFA shall:

  • Identify an accountable data controller.
  • Identify the lawful basis or legitimate interest for collecting each dataset held.
  • Ensure that personal information is processed fairly, lawfully, and in a transparent manner.
  • Collect and use information only for specified, explicit, and legitimate purposes—or compatible purposes.
  • Process only data that is adequate, relevant, and limited to what is necessary for the purpose.
  • Strive to maintain accurate, up-to-date information and make any notified changes within one month.
  • Not retain personal information longer than necessary to fulfill its stated purpose.
  • Keep all personal data safe, secure, and protected from unauthorized access, accidental loss, destruction, or damage.
  • Inform data providers of the rationale for collecting their data, how it will be processed, how consent will be obtained, and how consent can be withdrawn.
  • Cease processing any data upon request from the data subject.
  • Where appropriate, provide training to BDSFA volunteers on data protection.
  • Share data with relevant third parties for statutory or legislative purposes (e.g., criminal investigations).
  • Only share data with other third parties when approved by the BDSFA committee through contracts or protocols, and only with active consent from individuals.
  • Provide any individual with copies of all personal data held about them within one month of request—unless the request is complex, in which case the response period may be extended by two additional months.
  • Provide information at no cost unless the request is manifestly unfounded or excessive, in which case a reasonable administrative fee may be charged.
  • Give special care to handling data relating to criminal records or protected characteristics under the Equality Act.

Retention of Data

BDSFA shall only retain:

  • Data for the period for which it is required—defined first by law or regulation, then by internal policy.
  • Personal bank and financial details, when necessary for making or receiving payments on behalf of the Association.
  • Details of disciplinary actions, retained for 5 years as specified by The FA’s regulations.
  • Safeguarding case files, in line with The FA’s regulatory guidance.

At the end of each season, BDSFA shall conduct a ‘data purge’ to ensure compliance with this policy.

References Supporting this Policy

  • Privacy notices and consent documents
  • ESFA handbooks and website
  • BDSFA policies published on its website: https://bdsfa.bdscs.org.uk