GDPR Advice

GDPR and Data Protection advice

A change in government legislation regarding data protection called The General Data Protection Regulation (GDPR) will be in place from 25th May 2018.

The guidance given here is aimed at assisting British Fencing affiliated clubs and associations with identifying the key areas that they should be addressing as a result of the additional requirements arising from the upcoming introduction of GDPR.

You can view:

  • Important guidance for clubs including proposed wording regarding athlete registration
  • FAQs
    • What is GDPR and what does it mean for grassroots clubs?
    • Does this apply to our club?
    • My club is only a small one with a few members: surely this won’t apply to me?
    • What are the key things to consider for grassroots clubs?
    • What if my club organises events, do we need to add anything to the booking form?
    • I looked at the impact of the existing UK Data Protection Act on my club and am happy that my club is compliant, so what is new about GDPR?
      • More communication
      • ICO notifications
      • Responding to subject access requests
      • Obligations
      • Fines increase significantly
      • Getting consent
      • Data retention
      • Privacy by design
      • Breaches
      • Children
      • Data transfer
      • Privacy or data capture statements
      • Does all this only apply to data that is held digitally, e.g. on a computer, or does it cover paper records?
      • My club keeps its membership records “in the Cloud” (e.g. via shared files on DropBox or Google Drive, or via a bespoke or commercially available membership system): what should I do about that data?
      • Top tips to start your journey to GDPR readiness


Important guidance for clubs for compliance with GDPR

BF will be emailing all clubs with a link to this information. If your club is unable to access this information or if you have any questions about the proposed wording or any of the changes under the GDPR please email  Please note that we cannot offer tailored compliance advice and you may need to seek independent advice and guidance if you have specific queries that relate to your club.

When an individual joins an affiliated club, if they are not already a member of BF they should also join BF. This is typically done online by the individual (or their guardian). In those cases the BF process will ensure that all the necessary consents are collected to allow BF, and those operating on its behalf to process their personal data in the way described.

If the affiliated club is collecting details in order to registering and/or manage a membership with BF on behalf of the member, the club MUST ensure that the necessary consents are collected to allow this transfer of data to BF.

In both cases the club must ensure that consent is given to allow the affiliated club to process the member’s data. This consent should already be an established practice as it falls under the expectations of the existing Data Protection Act.

To assist in the process for ensuring that both the club and BF comply with the GDPR in this respect, we have prepared some sample wording to be included on your application / membership form which we have set out below. Please note that we are also updating our online system so that if you enter data for new members you will be required to confirm that they have been made aware that their information will be shared with BF as well.


Proposed wording for affiliated clubs/bodies who register and manage BF memberships on behalf of those members

Frequently Asked Questions

More Communication

Top tips to start your journey to GDPR readiness