The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). The GDPR sets out the principles for data management and the rights of the individual, while also imposing fines that can be revenue-based. The General Data Protection Regulation covers all companies that deal with data of EU citizens, so it is a critical regulation for corporate compliance officers at banks, insurers, and other financial companies. GDPR will come into effect across the EU on May 25, 2018.

NCL has always taken the utmost care in relation to the protection of user data due to which the impact of GDPR will be minimum. This is a reminder to all users and partners on the data protection requirements that must be adhered to when dealing with NCL users. Below is a check list of requirements that must be adhered to at all times.

Ensure that all data processors are aware of the requirement to keep all consumer data safe and secure and not to share this data. The consumer data of NCL must not be shared with any third party or used for any other purposes. All receipts and copies of identification must be stored securely.

The consumer details that are requested on the NCL site are a regulatory requirement and no additional details should be obtained or retained.

NCL will send out notices that can be displayed in communication to inform users of what privacy data is held by NCL and with whom the data may be shared. The notices will explain why the personal data is requested and that consumers have a right to complain to the ICO if they believe the data has been compromised. Consumers also have the right to request for the personal data that we hold.

The GDPR includes the following rights for individuals:

• the right to be informed;
• the right of access;
• the right to rectification;
• the right to erasure;
• the right to restrict processing;
• the right to data portability;
• the right to object; and
• the right not to be subject to automated decision-making including profiling.
On the whole, the rights individuals will enjoy under the GDPR are the same as those under the data protection act but with some significant enhancements.

If a consumer requests for the data that NCL holds on the users, the ID of the consumer must be checked and the user will be requested to provide this in writing which will be passed on to the management of NCL to process. The requested information will be provided within 30 days. For each request, a decision will be taken whether the data can be shared and if not, a reason will be provided to the user.

Users under the age of 13 are not permitted to play in NCL, this a regulatory requirement.

If you believe that the personal data of a user or users may have been compromised, inform the Committee representative Mr. Nahed Patel at 07957485548 nahed@nationalcricketleague.co.uk .

Nahed Patel, the legal committee representative of NCL is also the data privacy officer and responsible for all queries in relation to data protection.