Six key Questions for Golf Clubs about GDPR

This blog post is a summary of a Sector Note produced for our clients. If you would like access to the complete document, please get in touch.

Q1.Does GDPR impact Golf Clubs?


  • Any organisations that handle peoples’ data are governed by these laws. Specifically the Irish & UK 2018 Data Protection Acts and the EU’s GDPR applies to Golf Clubs and the governing body of the club is legally responsible for GDPR compliance.

Q2. So can I keep any Personal Data?


  • An organisation can only keep personal data if it has a legal basis, and GDPR has defined six and only six Legal Bases. All data processing must fit into at least one of these six.  Personal data processing can span from CDH IDs to e-mails to CCTV footage all of which can be scattered over multiple systems and it’s not always clear why it’s being kept.

Q3. What about Sensitive Data?

It depends!

  • Information about children, health, religion, sexuality and certain other categories, is subject to additional safeguards and restrictions under GDPR law. It can’t be just another set of data it needs to be treated extra carefully

Q4.What are Data Subject Rights?

  • The underlying principle of GDPR is that individuals own their own data. So in the absence of another factor, people can ask for their data back and many other rights.  This area is a minefield and Golf Clubs ignore it at their peril.

Q5. Why is there so much noise about security?

  • When an organisation loses control of personal data, a “Data Breach” is said to occur. Loss of control is typically classified under three headings: Confidentiality, Integrity & Availability.  Confidentiality includes traditional hacking and data theft.  Integrity is around mistakes and data corruption. Finally availability covers an inability to gain access to data, so an accidental deletion for example.
  • Once a breech occurs certain regulators and impacted people may have to be informed , once this starts the media inevitably highlight the incident. Coupled with the fines and compensation claim, the inevitable adverse publicity a data breach causes can have severe consequences on a club.

Q6. What if my club has further queries?

  • DigiTorc provides extensive information and practical guidance on data protection on its website,
  • Clubs should inform themselves further regarding their obligations under GDPR legislation by reviewing that site or requesting a consultation with one of our experts.


DigiTorc are not lawyers and the material in this document does not constitute legal advice: it is intended as a guideline only. In case of specific Data Protection queries please contact your legal advisors.

Leave a Reply